I was playing with my "FediBadge" generator I created some time ago
I noticed that it doesn't show Person avatar of People from Friendica.
The thing uses webfinger to find the ActivitiyStream json representation of the acct from the user, and it get it's data from there.
Now I noticed that "icon" and 'image' properties are missing when I request a user profile with 'Accept:application/activity+json" from Friendica.
I looked at code and I found there:
https://github.com/friendica/friendica/blob/2024.03-rc/src/Protocol/ActivityPub/Transmitter.php#L405-L406
that 'icon' and 'image' and other profile proprties are behind $full flag, that for what I understand, is true if request is http-signed and from a 'live' contact of the profile.
(so, false for any anonymous get)
Why?
If the profile is public, that data is present on the html version of the profile.
This break my code, which is unfortunate, but also looks like it has the consequence that on mastodon (and others I think), when searching for a profile that is not already cached locally, ther
Friendica Developers reshared this.
Michael Vogel
in reply to Fabio • • •Yeah, that was done deliberately. This had been done, when Meta announced that Threads will do AP: So that Threads isn't able to fetch data, the requests have to be done with signed requests. To avoid any workarounds, the access to the non vital data is now restricted to systems that identify itself.
The access is possible for every system that isn't explicitly blocked.
For Friendica you can use
noscrapeas a workaround. Does this work for you?Fabio
in reply to Michael Vogel • •@Michael Vogel
no, the point was to work for every AS implementation, using standard AS.
But ok, it's only a toy, it's not important.
Still all data is available, in machine-parsable format, in html rendering, as hCard microformat. If anyone want to scrape my public avatar from my public profile, they can do it anyway.
Friendica Developers reshared this.
Michael Vogel
in reply to Fabio • • •