@Marius Why some of your activities have both actor and attributedTo ?
I currently reject these.
Conversation
Notices
-
Embed this notice
silverpill (silverpill@mitra.social)'s status on Wednesday, 05-Nov-2025 04:18:34 JST 
silverpill
-
Embed this notice
silverpill (silverpill@mitra.social)'s status on Wednesday, 05-Nov-2025 04:58:13 JST
silverpill
@mariusor @Marius I use these properties to determine who is the owner of an object. When both are present the result is ambiguous and that leads to a security risk in one situation which is currently theoretical but may be important for the client-to-server protocol that I am designing.
So I made the validator more strict to see who is generating objects with ambiguous ownership. Your actor and attributedTo are the same but I currently don't account for that.
-
Embed this notice
marius (mariusor@metalhead.club)'s status on Wednesday, 05-Nov-2025 04:58:15 JST 
marius
@silverpill there's no particular reason, that's how they came out of the random object generator.
It's not really against spec to have attributedTo on an activity. Why do you reject them?
I'll probably streamline it to just the actor, to keep the tests to minimal relevant details, so thanx. :)
-
Embed this notice
silverpill (silverpill@mitra.social)'s status on Thursday, 06-Nov-2025 06:11:33 JST
silverpill
@mariusor I ended up turning strict ownership validation off for S2S activities because some other implementations also add attributedTo to their activities.
-
Embed this notice
marius (mariusor@metalhead.club)'s status on Thursday, 06-Nov-2025 06:11:35 JST
marius
@silverpill I feel like validating that if they exist, they should both point to the same actor is a better strategy. (Which I think is what I've been doing in GoActivityPub)
-
Embed this notice
All GNU social JP content and data are available under the