mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-11-24 01:23:32 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

[docs] restructure federation section (#3038)

Browse source
This commit is contained in:
tobi 2024-06-25 12:04:45 +02:00 committed by GitHub
commit fa710057c8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 951 additions and 955 deletions
Download patch file Download diff file Expand all files Collapse all files

11
docs/federation/access_control.md Normal file
View file

@ -0,0 +1,11 @@
# Access Control
GoToSocial uses access control restrictions to protect users and resources from unwanted interactions with remote accounts and instances.
As shown in the [HTTP Signatures](#http-signatures) section, GoToSocial requires all incoming `GET` and `POST` requests from remote servers to be signed. Unsigned requests will be denied with http code `401 Unauthorized`.
Access control restrictions are implemented by checking the `keyId` of the signature (who owns the public/private key pair making the request).
First, the host value of the `keyId` uri is checked against the GoToSocial instance's list of blocked (defederated) domains. If the host is recognized as a blocked domain, then the http request will immediately be aborted with http code `403 Forbidden`.
Next, GoToSocial will check for the existence of a block (in either direction) between the owner of the public key making the http request, and the owner of the resource that the request is targeting. If the GoToSocial user blocks the remote account making the request, then the request will be aborted with http code `403 Forbidden`.