One of the (many) challenges in #testing the #Fediverse is that some of the standards say one thing, but what is widely implemented is another.
Example: RFC 7033, WebFinger, section 5, requires presence of a CORS header.
So far we've not seen any Fediverse application that actually does this. Arguably it's not needed in the Fediverse, but the standard says MUST.
So we can either have all applications fail that test or not test against the standard. Your thoughts?