Fix AP object id: must be on actor's domain (Mastodon origin check)

Mastodon verifies the object id domain matches the actor domain. Using the post URL (coop.rose-ash.com) as object id caused silent rejection. Now always uses {activity_id}/object on federation domain. Also adds to/cc on object for visibility determination. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 08:52:56 +00:00
parent fd163b577f
commit eec750a699
1 changed files with 8 additions and 1 deletions
--- a/events/handlers/ap_delivery_handler.py
+++ b/events/handlers/ap_delivery_handler.py
@@ -28,15 +28,22 @@ def _build_activity_json(activity: APActivity, actor: ActorProfile, domain: str)

    obj = dict(activity.object_data or {})

+    # Object id MUST be on the actor's domain (Mastodon origin check).
+    # The post URL (e.g. coop.rose-ash.com/slug/) goes in "url" only.
+    object_id = activity.activity_id + "/object"
+
    if activity.activity_type == "Delete":
        # Delete: object is a Tombstone with just id + type
+        obj.setdefault("id", object_id)
        obj.setdefault("type", "Tombstone")
    else:
        # Create/Update: full object with attribution
-        obj.setdefault("id", obj.get("url") or (activity.activity_id + "/object"))
+        obj["id"] = object_id
        obj.setdefault("type", activity.object_type)
        obj.setdefault("attributedTo", actor_url)
        obj.setdefault("published", activity.published.isoformat() if activity.published else None)
+        obj.setdefault("to", ["https://www.w3.org/ns/activitystreams#Public"])
+        obj.setdefault("cc", [f"{actor_url}/followers"])

    return {
        "@context": [