1a74b74a40
* Add limit on inbox payload size The 1MB limit is consistent with the limit we use when fetching remote resources * Add limit to number of options from federated polls * Add a limit to the number of federated profile fields * Add limit on federated username length * Add hard limits for federated display name and account bio * Add hard limits for `alsoKnownAs` and `attributionDomains` * Add hard limit on federated custom emoji shortcode * Highlight most destructive limits and expand on their reasoning
4.3 KiB
Federation
Supported federation protocols and standards
- ActivityPub (Server-to-Server)
- WebFinger
- Http Signatures
- NodeInfo
Supported FEPs
- FEP-67ff: FEDERATION.md
- FEP-f1d5: NodeInfo in Fediverse Software
- FEP-8fcf: Followers collection synchronization across servers
- FEP-5feb: Search indexing consent for actors
- FEP-044f: Consent-respecting quote posts: partial support for incoming quote-posts
ActivityPub in Mastodon
Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all.
Required extensions
WebFinger
In Mastodon, users are identified by a username and domain pair (e.g., Gargron@mastodon.social).
This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings.
As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an acct: URI that can be resolved via WebFinger.
HTTP Signatures
In order to authenticate activities, Mastodon relies on HTTP Signatures, signing every POST and GET request to other ActivityPub implementations on behalf of the user authoring an activity (for POST requests) or an actor representing the Mastodon server itself (for most GET requests).
Mastodon requires all POST requests to be signed, and MAY require GET requests to be signed, depending on the configuration of the Mastodon server.
Optional extensions
Additional documentation
Size limits
Mastodon imposes a few hard limits on federated content. These limits are intended to be very generous and way above what the Mastodon user experience is optimized for, so as to accomodate future changes and unusual or unforeseen usage patterns, while still providing some limits for performance reasons. The following table attempts to summary those limits.
| Limited property | Size limit | Consequence of exceeding the limit |
|---|---|---|
| Serialized JSON-LD | 1MB | Activity is rejected/dropped |
Profile fields (actor PropertyValue attachments) name/value |
2047 | Field name/value is truncated |
Number of profile fields (actor PropertyValue attachments) |
50 | Fields list is truncated |
Poll options (number of anyOf/oneOf in a Question) |
500 | Items list is truncated |
Account username (actor preferredUsername) length |
2048 | Actor will be rejected |
Account display name (actor name) length |
2048 | Display name will be truncated |
Account note (actor summary) length |
20kB | Account note will be truncated |
Account attributionDomains |
256 | List will be truncated |
Account aliases (actor alsoKnownAs) |
256 | List will be truncated |
Custom emoji shortcode (Emoji name) |
2048 | Emoji will be rejected |