Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • PeriodicallyPedantic
    link
    fedilink
    English
    arrow-up
    8
    ·
    11 months ago

    No, you’re right. Everyone who downvoted probably also went on an angry tirade first, but they just didn’t type it out. Totally the same. 👍