Incorrect return types on webfinger errors
Opened this issue · 0 comments
Hi,
From RFC 7033:
4.2. Performing a WebFinger Query
A WebFinger client issues a query using the GET method to the well-
known [3] resource identified by the URI whose path component is
"/.well-known/webfinger" and whose query component MUST include the
"resource" parameter exactly once and set to the value of the URI for
which information is being sought.If the "resource" parameter is absent or malformed, the WebFinger
resource MUST indicate that the request is bad as per Section 10.4.1
of RFC 2616 [2].
Section 10.4.1 of RFC 2616:
10.4.1 400 Bad Request
The request could not be understood by the server due to malformed
syntax. The client SHOULD NOT repeat the request without
modifications.
However, Plume returns "404 Not Found" when "resource" is missing, and "200 OK" when it is invalid:
$ curl https://fediverse.blog/.well-known/webfinger -i | head -n 1
HTTP/1.1 404 Not Found
$ https://fediverse.blog/.well-known/webfinger\?resource\=foobar
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Thu, 14 May 2020 18:42:15 GMT
Content-Type: text/plain
Content-Length: 51
Connection: keep-alive
Vary: Accept-Encoding
Invalid resource. Make sure to request an acct: URI
- Plume version: 0.4.0