Ryan Barrett

> Objects that are served from entirely different domain should never be accepted, otherwise system becomes vulnerable to cache poisoning Ah, good point! "Doesn't really apply" was maybe a bit...

I think the only main case of this left now is https://github.com/snarfed/bridgy-fed/issues/1093#issuecomment-2433795489, I'm going to merge this in there.

@tantek have you seen this recur at all? It's unsatisfying to not know what happened, but if we haven't managed to reproduce it, I may end up closing it.

Ran out of leads to follow here. Tentatively closing, but @tantek feel free to reopen!

Looks like this may have happened again with https://tantek.com/2024/173/t1/years-posse-microformats-adoption . BF delivered it like normal, https://fed.brid.gy/web/tantek.com shows that 309 inboxes received it ok and returned HTTP 2xx, but I can't...

Happening again with a few of the most recent posts on tantek.com, eg https://tantek.com/2024/245/t1/read-write-suggest-edit-web . Inbox delivery responses (eg on indieweb.social and w3c.social) were HTTP 202, as usual. 😕

Useful data point: Mastodon generally isn't showing [Tantek's latest post](https://tantek.com/2024/245/t1/read-write-suggest-edit-web), but @pcarrier (https://rrier.fr/@pc) reports that he sees it on his GotoSocial instance.

@tantek did some great sleuthing and narrowed this down to links to https://kevinmarks.com/ . That site doesn't serve SSL on the apex domain, so fetching that URL hangs and never...

The timeout is one possible root cause here, but not the only one. I see at least three: 1. Timeout described above 1. The AS2 includes a mention `tag` for...

Hi @renchap, thanks for checking in! There may be something to fix on your side, but we don't know for sure yet. Our best guess is that the root cause...