zelo72/documentation
1
0
Fork 0
mirror of https://github.com/mastodon/documentation synced 2025-04-11 22:56:17 +02:00
Code Issues 6 Releases Wiki Activity

Draw attention to CORS requirements for WebFinger (#1581)

Browse Source 
Adds a callout box mentioning that CORS headers must be set if WebFinger requests are being redirected to support a customised WEB_DOMAIN value.

This requirement is not called out in the text (only the nginx config example next to it), and is non-obvious enough that, anecdotally, many servers do not implement it properly.

See: https://github.com/mastodon/mastodon/issues/26995
This commit is contained in:
Katherina Walshe-Grey 2025-01-06 09:18:36 +00:00 committed by GitHub
parent 047de3b135
commit f06dbf7a14
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
content/en/admin/config.md
View File

@ -34,6 +34,10 @@ location /.well-known/webfinger {
}
```
{{< hint style="info" >}}
You must serve the redirect with CORS headers; otherwise, some functions of Mastodon's web UI will not work. For example: `Access-Control-Allow-Origin: *`
{{</ hint >}}
#### `ALTERNATE_DOMAINS`
If you have multiple domains pointed at your Mastodon server, this setting will allow Mastodon to recognize itself when users are addressed using those other domains. Separate the domains by commas, e.g. `foo.com,bar.com`