@julian @silverpill @trwnh I think instance-actor based fetching only really makes sense for public objects?
AP does indeed rely on a same-origin security model though, afaik, because they didn't wanna get into ACLs (which solid eventuality ended up with two of: WebACL and ACP)