Does anybody know what exactly Pleroma needs for a valid Webfinger check? I'm attempting to figure out why @jmtd@pleroma.debian.social won't resolve in NodeBB, and it's because the webfinger call returns 400 Bad Request.
NodeBB is calling https://pleroma.debian.social/.well-known/webfinger?resource=acct%3Ajmtd%40pleroma.debian.social with User-Agent and Content-Type headers (curiously, it's not sending Accept, but it also fails if that header is set, so that's irrelevant.)
Navigating to that webfinger url in the browser returns XML, which is :grimacing: but I'm not even getting that when NodeBB makes the call.
Since that's the content-type for webfinger, not application/json. In fedify, the fetch call is also with redirect manual, such that max redirection logic and SSRF checks can be done.
@julian which actually makes sense, because with a GET request, you're not sending any request content, and Content-Type applies to the request body, not to the content type you want back.
@julian eh? I mean, sure, or just detect whether the request is a GET / HEAD / OPTIONS request, and then don't send the content-type header? (since those methods don't support request bodies iirc)