Federation to other instances broken in one way
Environment
- Installation type self build OTP
- Pleroma version 2.2.0-613-g46c390f9-release-2-2-0
- Elixir version
Erlang/OTP 23 [erts-11.0] [source] [64-bit] [smp:10:10] [ds:10:10:10] [async-threads:1]
Elixir 1.10.3 (compiled with Erlang/OTP 23)
- Operating system: Alpine Linux
- PostgreSQL version 12.4
Bug description
Pleroma answers with a HTTP/1.1 400 Bad Request when receiving a followers only or private message or interactions from a remote instance. The response contains "error". It does not matter if it is POSTed to /inbox or /users//inbox The incoming message does not appear in the database.
Everything sent out to other instances arrives there, but protected/private posts or other interactions (e.g. Likes oder Follow Request) from there are dropped by Error 400 with "error"
Request:
POST /inbox HTTP/1.1
Connection: upgrade
Host: localhost:4000
Content-Length: 1583
User-Agent: http.rb/4.4.1 (Mastodon/3.2.1; +https://other.instance/)
Date: Sat, 14 Nov 2020 22:17:33 GMT
Accept-Encoding: gzip
Digest: SHA-256=u/iVGeRavCsngiuP5ycGPFpb1YbxBLELix94aAKSCyI=
Content-Type: application/activity+json
Signature: keyId="https://other.instance/users/remoteUser#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest content-type",signature="KdQi2apMywaRo9GjWUq5MjphYX5+BJUTV1R7mXXZDUk93r5JWQKGxA12ezaaqjUcHV7RIWgHU8RAtrMP1H+03gnr2jGu5ftao1J5KUDnmTzdukHCJBbEla49P2teY25rwpq4n4UulH2Sd2EzlHWzugjwBnStdXbloD8MxM6QLruM/FgAAQZUpKWgJTtMoJXJnQN2srSQA0qQoDpUE9Bs8tqrnlaJKvqH26O2Ya8n7twWZ2myzocsGELzbEIYK7irmjHx85ZDjafcJYqZzlZvsTt61gziDWkWC/JCBwdXwtX6L/imB50gY3sHK0KsPyaJxJAWeLdhh6LwAQ5jbcXqXw=="
{"@context":["https://www.w3.org/ns/activitystreams",{"ostatus":"http://ostatus.org#","atomUri":"ostatus:atomUri","inReplyToAtomUri":"ostatus:inReplyToAtomUri","conversation":"ostatus:conversation","sensitive":"as:sensitive","toot":"http://joinmastodon.org/ns#","votersCount":"toot:votersCount"}],"id":"https://other.instance/users/remoteUser/statuses/105210986663675913/activity","type":"Announce","actor":"https://other.instance/users/remoteUser","published":"2020-11-14T22:17:32Z","to":["https://other.instance/users/remoteUser/followers"],"cc":["https://other.instance/users/remoteUser"],"object":{"id":"https://other.instance/users/remoteUser/statuses/105210856113680441","type":"Note","summary":null,"inReplyTo":null,"published":"2020-11-14T21:44:20Z","url":"https://other.instance/@remoteUser/105210856113680441","attributedTo":"https://other.instance/users/remoteUser","to":["https://other.instance/users/remoteUser/followers"],"cc":[],"sensitive":false,"atomUri":"https://other.instance/users/remoteUser/statuses/105210856113680441","inReplyToAtomUri":null,"conversation":"tag:other.instance,2020-11-14:objectId=125148:objectType=Conversation","content":"<p>Test 2020-11-14 22:44:20</p>","contentMap":{"de":"<p>Test 2020-11-14 22:44:20</p>"},"attachment":[],"tag":[],"replies":{"id":"https://other.instance/users/remoteUser/statuses/105210856113680441/replies","type":"Collection","first":{"type":"CollectionPage","next":"https://other.instance/users/remoteUser/statuses/105210856113680441/replies?only_other_accounts=true&page=true","partOf":"https://other.instance/users/remoteUser/statuses/105210856113680441/replies","items":[]}}}}
Response:
HTTP/1.1 400 Bad Request
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id,Idempotency-Key
cache-control: max-age=0, private, must-revalidate
content-length: 7
content-security-policy: upgrade-insecure-requests;script-src 'self';connect-src 'self' blob: https://local.instance wss://local.instance;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self';
content-type: application/json; charset=utf-8
date: Sat, 14 Nov 2020 22:16:02 GMT
referrer-policy: same-origin
server: Cowboy
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: DENY
x-permitted-cross-domain-policies: none
x-request-id: Fkd_qrKTH9YOIsEAADVh
x-xss-protection: 1; mode=block
"error"