Based on content available in ActivityPub specification before https://github.com/w3c/activitypub/commit/fae6a56a8dcba9de69374aa7ae0bef565217e5c7
Servers MAY implement this feature. To accomplish this, a client must submit a multipart/form-data request to the uploadMedia user's endpoint on their ActivityStreams actor object.
A client should expect that it must be properly authenticated in order to be able to upload media.
The submitted form data should contain two parts / fields:
- file
- The file being uploaded
- object
- An optional skeleton for an ActivityStreams object to be finalized by the server
Assuming that the server accepts the request and that the user was appropriately authorized to upload media, servers MUST respond with a
201 Created if the submitted media is immediately available or a
202 Accepted if the server is still processing the submitted media.
The response MUST contain a Location header pointing to the new or to be created object's id,
OR if considered a temporary transient object by the implementation, a copy of the object into the response body.
The server, having done any appropriate processing on the received file and putting it in place, transforms the object.
In particular, servers SHOULD include the uploaded and/or processed file paths in the object's url property.
(Examples to be included; implementation-side documentation example: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3056/diffs)