Calling between Glitch apps

I’m playing with @lmorchard’s FediRing app at the moment. It’s neat!

Two of the profiles I want to add, are single-user Fedi apps that also happen to run on Glitch (one is Shuttlecraft, and one is Postmarks). In both cases, when the FediRing app tries to call the WebFinger resource ([domain]/.well-known/webfinger?resource=acct:[user]), I am seeing a 403 Forbidden; but, making the same query from outside of Glitch, they return valid XML responses.

I’m guessing (at least, I have a hunch?) that I’m not allowed to call one app on Glitch, from another app on Glitch? The two instances that I’m trying to call are both Boosted apps on a paid plan, FWIW. Is this a correct guess, or should I try looking at other things?

Thanks :slight_smile:

1 Like

hey @andypiper! i’m going to have the eng team look into this because it’s not the first time i’ve heard of such an issue. can you tell if there’s a user-agent in the request header of the request being made to the other app? i know that we block requests that don’t have a user-agent set, but i’m not sure if that’s what’s happening here.

1 Like

oh! you know what - that could be a thing. It’s happening inside of a JS library, so there’s a decent chance that it does not set a UA (and now you mentioned that, the information comes flooding back to me). I’ll have a play.

… OK, so using the exact same method to call from my local system is working (implies a UA is being set, I think, or maybe not?), but running this on Glitch:

import { WebFinger } from "webfinger.js";

var webfinger = new WebFinger();

webfinger.lookup('', function (err, p) {
  if (err) {
    console.log('error: ', err);
  } else {
    console.dir(p, { depth: null });

$ node wf.js
error:  {
  message: 'error during request',
  url: '',
  status: 403,
  toString: [Function (anonymous)]

Additionally attempting to use curl and setting an explicit User-Agent is also returning the 403.

If it’s a “no”, that’s OK - it’s a shame, but it’s OK - just wanting to make sure I’m not doing missing something that I could be doing instead here. Also, it could be a blocker for some other fedi-related things I was thinking about.

Thanks for including all of this - the answer is a “that’s weird, let me see if this is intended or not but it probably isn’t” so I’m going to flag this to the engineering team. It may take a day or so to follow up, but we’re on it!

1 Like

I’ve been having this problem too Cross-project requests fail intermittently

It’s meant to be allowed.

  1. make sure you are setting a User-Agent header in the request
  2. try making the request from a remix

sometimes projects get into this situation where any request they make to glitch gives 403. it varies day to day which projects experience this.

For what it’s worth, one other case where you may also get a 403 happen is if/when FediRing tries to fetch resources from Mastodon instances where authorized fetch has been enabled. (i.e. because the HTTP GET requests aren’t signed with an actor key)

But… that doesn’t look like it should be the case here, since Glitch ain’t Mastodon :slight_smile: Still, maybe worth noting if you see it during troubleshooting

1 Like

Yep, I have that issue with one of the accounts I’m poking, but not these two. Also have some interesting other implementations that behave… unexpectedly… on a WebFinger request. Learning! Thanks.