@julian fedify manages it, so many take a look at their webfinger implementation?

@julian try sending `Accept: application/jrd+json`

Since that's the content-type for webfinger, not application/json. In fedify, the fetch call is also with redirect manual, such that max redirection logic and SSRF checks can be done.

@julian oh! it's because you're sending the Content-Type header, send Accept instead.

@julian which actually makes sense, because with a GET request, you're not sending any request content, and Content-Type applies to the request body, not to the content type you want back.

thisismissem@hachyderm.io yeah, I tried sending Accept too, which also fails. Will try the suggested type.

The library we use just blanket sends content-type because we're usually POSTing haha. Shouldn't hurt to include it, but who knows.

@julian eh? I mean, sure, or just detect whether the request is a GET / HEAD / OPTIONS request, and then don't send the content-type header? (since those methods don't support request bodies iirc)

thisismissem@hachyderm.io yes, but... that takes effforrrrrrrtttt

Anyway, ding ding ding, application/jrd+json was it

@julian are you sending accept application/json or accept application/jrd+json instead of accept application/activity+json?

trwnh@mastodon.social before, I was not sending Accept at all, now I am sending application/jrd+json.

FWIW testing with cURL showed the same Bad Request with application/json.

@julian the Bad Request must be something else, because pleroma handles application/json and application/jrd+json just fine https://git.pleroma.social/pleroma/pleroma/-/blob/develop/lib/pleroma/web/web_finger/web_finger_controller.ex#L33