- From: Jason Culverhouse <jason@mischievous.org>
- Date: Thu, 14 Dec 2023 12:50:44 -0800
- To: Cristiano Longo <cristianolongo@opendatahacklab.org>
- Cc: public-swicg@w3.org
- Message-Id: <2D7D6398-AD0A-4C5C-A808-F8BF6512EB14@mischievous.org>
Just chiming in on this thread while the web finger works, fetching the activity pub person does not work for me. For sure this url should redirect https://www.threads.net/ap/users/mosseri/ when not accessed with a “json” content type. My mastodon instance (@JsonCulverhouse@flipboard.social) lets me follow so for sure it is working with mastodon user agents I made a generic get request with an http signature to the same endpoint, that also didn’t work. Has anyone gotten a fetch to work in a federated service other than mastodon? curl -vv -H 'Accept: application/activity+json' -s https://www.threads.net/ap/users/mosseri/ > GET /ap/users/mosseri/ HTTP/2 > Host: www.threads.net > User-Agent: curl/8.4.0 > Accept: application/activity+json > < HTTP/2 200 < vary: Accept-Encoding < set-cookie: csrftoken=BhQElIcw-0YjRuZGEuVSch; expires=Thu, 12-Dec-2024 20:32:04 GMT; Max-Age=31449600; path=/; domain=.threads.net; secure < set-cookie: mid=ZXtmRAAEAAFKNFXFE5SP61RKS44H; expires=Fri, 17-Jan-2025 20:32:04 GMT; Max-Age=34560000; path=/; domain=.threads.net; secure; httponly < accept-ch-lifetime: 4838400 < accept-ch: viewport-width,dpr,Sec-CH-Prefers-Color-Scheme,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model < pragma: no-cache < cache-control: private, no-cache, no-store, must-revalidate < expires: Sat, 01 Jan 2000 00:00:00 GMT < content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';connect-src *.threads.net wss://*.threads.net:* *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self';report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script'; < content-security-policy: default-src data: blob: *.threads.net *.instagram.com *.facebook.com *.fbcdn.net;script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* static.cdninstagram.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.threads.net *.facebook.com *.instagram.com static.cdninstagram.com;connect-src blob: 'self' *.threads.net wss://*.threads.net:* *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* *.instagram.com *.cdninstagram.com wss://*.instagram.com:*;font-src data: static.cdninstagram.com;img-src data: blob: android-webview-video-poster: *.threads.net *.instagram.com *.facebook.com *.fbcdn.net *.cdninstagram.com about.fb.com engineering.fb.com www.gstatic.com *.fbsbx.com *.giphy.com pps.whatsapp.net;media-src data: blob: android-webview-video-poster: *.threads.net *.instagram.com *.facebook.com *.fbcdn.net *.cdninstagram.com www.gstatic.com *.fbsbx.com *.giphy.com;frame-src *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; < report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.threads.net\/ajax\/barcelona_error_reports\/?device_level=unknown"}]} < x-frame-options: DENY < x-content-type-options: nosniff < x-xss-protection: 0 < reporting-endpoints: default="https://www.threads.net/ajax/barcelona_error_reports/?device_level=unknown" < cross-origin-opener-policy: same-origin-allow-popups < strict-transport-security: max-age=31536000; preload; includeSubDomains < content-type: text/html; charset="utf-8" < x-fb-debug: mIi2vDna/nrQak+dMGHymaJwcYUAH0TUOfq29feqdblO24Cfbd8cJY2VxQoZMmbfTd2/ComCKPKqqc44D28rag== < date: Thu, 14 Dec 2023 20:32:04 GMT < alt-svc: h3=":443"; ma=86400 Jason > On Dec 14, 2023, at 12:22 PM, Cristiano Longo <cristianolongo@opendatahacklab.org> wrote: > > I get the same response with all the accounts you mentioned. > > On 14/12/23 21:11, Ryan Barrett wrote: >> It's evidently a very limited set of accounts; so far I (and others) have only seen that @mosseri, @0xjessel, and @christophersu are federating so far. Others like @btsavage still aren't serving webfinger or AS2 yet. >> >> On Thu, Dec 14, 2023 at 11:23 AM Cristiano Longo <cristianolongo@opendatahacklab.org <mailto:cristianolongo@opendatahacklab.org>> wrote: >>> Still not working for me. May be I should declare the accepted encodings in the request. >>> >>> >>> >>> Request >>> >>> >>> >>> GET /@btsavage HTTP/2 >>> Host: www.threads.net <http://www.threads.net/> >>> accept: application/activity+json >>> >>> >>> >>> Response >>> >>> >>> >>> HTTP response code 320 >>> >>> empty body >>> >>> >>> >>> Headers >>> vary: Accept-Encoding >>> location: https://www.facebook.com/unsupportedbrowser >>> strict-transport-security: max-age=31536000; preload; includeSubDomains >>> content-type: text/html; charset="utf-8" >>> x-fb-debug: 0cHgFvshEWJR5sZU23uOemQcHuGcN+zUO8Wam4ym76dO5OEXTa4pOApVYp2AnEwPBkMl2L0E+IqWIkmcWDQICg== >>> content-length: 0 >>> date: Thu, 14 Dec 2023 19:17:07 GMT >>> alt-svc: h3=":443"; ma=86400 >>> >>> >>> >>> >>> >>> >>> >>> On 14/12/23 19:31, Chris Messina wrote: >>>> Seems like that is working now. >>>> >>>> <02C65517-12EF-4D8E-A0D0-461492E8F00B.jpg> >>>> >>>> https://www.threads.net/@0xjessel/post/C010QLJrQCI/? >>>> >>>> >>>> >>>> <https://chrismessina.me/> >>>> Chris Messina <https://chrismessina.me/> >>>> Investor • Ride Home AI Fund >>>> Previously: Google, Uber, Republic, Y Combinator 🏆 #1 Product Hunter <https://chrismessina.me/hunt-me> >>>> <https://threads.net/@chris> <https://www.producthunt.com/@chrismessina> <https://mastodon.xyz/@chrismessina> <https://open.spotify.com/user/factoryjoe> <https://linkedin.com/in/factoryjoe/> <https://instagram.com/chris> <https://medium.com/@chrismessina> >>>> Sent via Superhuman iOS <https://sprh.mn/?vip=chris.messina@gmail.com> >>>> >>>> On Thu, Dec 14 2023 at 6:12 AM, Cristiano Longo <cristianolongo@opendatahacklab.org <mailto:cristianolongo@opendatahacklab.org>> wrote: >>>>> >>>>> On 14/12/23 02:43, Ben Savage wrote: >>>>>> Hi everyone, >>>>>> >>>>>> Ben Savage here from Meta. Just a few quick points: >>>>>> >>>>>> This test is not yet started (debugging some last technical issues together with Mastodon engineers) >>>>>> Only a few accounts will be a part of this initial test. My Threads account (https://www.threads.net/@btsavage) will be one of those and I'm happy to make test posts to help people who want to work on Threads integration. >>>>>> We will share details about how to test soon, once we iron these issues out. >>>>>> >>>>>> --Ben >>>>>> >>>>> >>>>> But requesting content with activity+json mimetype I get a redirect to https://www.facebook.com/unsupportedbrowser >>>>> >>>>> >>>>> >>>>>> >>>>>> From: Kagami Rosylight <saschanaz@outlook.com> <mailto:saschanaz@outlook.com> >>>>>> Sent: Wednesday, December 13, 2023 11:09 PM >>>>>> To: public-swicg@w3.org <mailto:public-swicg@w3.org> <public-swicg@w3.org> <mailto:public-swicg@w3.org> >>>>>> Subject: Re: Threads testing federation via ActivityPub >>>>>> >>>>>> This Message Is From an Untrusted Sender >>>>>> You have not previously corresponded with this sender. >>>>>> >>>>>> The page source does include application/activity+json: <link href="https://www.threads.net/@zuck/post/C0zXcQmxO77" type="application/activity+json <>" /> >>>>>> >>>>>> But curl doesn't work as you noted, perhaps it requires some additional things to limit it for internal test? >>>>>> On 13/12/2023 21:35, Evan Prodromou wrote: >>>>>>> Mike Macgirving pointed out that I'm not using the right media type! I tried with ld+json and didn't get any traction, though. >>>>>>> >>>>>>> ``` >>>>>>> curl -H 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams" <https://www.w3.org/ns/activitystreams>' https://www.threads.net/@zuck >>>>>>> >>>>>>> curl -H 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams" <https://www.w3.org/ns/activitystreams>' https://www.threads.net/@zuck/post/C0zXcQmxO77 >>>>>>> >>>>>>> ``` >>>>>>> >>>>>>> On 2023-12-13 2:07 p.m., Evan Prodromou wrote: >>>>>>>> I just saw this post on Threads: >>>>>>>> >>>>>>>> https://www.threads.net/@zuck/post/C0zXcQmxO77 >>>>>>>> >>>>>>>> "Starting a test where posts from Threads accounts will be available on Mastodon and other services that use the ActivityPub protocol. Making Threads interoperable will give people more choice over how they interact and it will help content reach more people. I'm pretty optimistic about this." >>>>>>>> >>>>>>>> I haven't been able to probe WebFinger for threads.net <http://threads.net/> accounts, nor do Threads URLs reply with Activity Streams 2.0 content. >>>>>>>> >>>>>>>> ``` >>>>>>>> curl -H "Accept: application/activity+json" https://www.threads.net/@zuck >>>>>>>> curl -H "Accept: application/activity+json" https://www.threads.net/@zuck/post/C0zXcQmxO77 >>>>>>>> curl -v "https://www.threads.net/.well-known/webfinger?resource=acct:zuck@threads.net" <https://www.threads.net/.well-known/webfinger?resource=acct:zuck@threads.net> >>>>>>>> ``` >>>>>>>> >>>>>>>> Has anyone else been able to find signs of this "test" going on? >>>>>>>> >>>>>>>> Evan >>>>>>>> >> >> >> -- >> https://snarfed.org/
Received on Thursday, 14 December 2023 20:52:23 UTC