From 23287c6dcdb6bcdb18760c87bc4d98e1d9ca20cf Mon Sep 17 00:00:00 2001 From: Nolan Lawson Date: Mon, 2 Jul 2018 10:33:44 -0700 Subject: [PATCH] Add instructions for admins to achieve Pinafore compatibility (#406) [skip ci] --- docs/Admin-Guide.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 docs/Admin-Guide.md diff --git a/docs/Admin-Guide.md b/docs/Admin-Guide.md new file mode 100644 index 00000000..20526d59 --- /dev/null +++ b/docs/Admin-Guide.md @@ -0,0 +1,28 @@ +Admin Guide +==== + +This guide is for instance admins who may be having trouble with Pinafore compatibility. + +By default, [Mastodon allows cross-origin access to the `/api` endpoint](https://github.com/tootsuite/mastodon/blob/50529cbceb84e611bca497624a7a4c38113e5135/config/initializers/cors.rb#L15-L20). Thus Pinafore should "just work" for most Mastodon servers. + +If the nginx/Apache settings have been changed, though, then Pinafore might not be able to connect to an instance. To check if the instance is supported, run this command: + +```bash +curl -sLv example.com/api/v1/instance -o /dev/null +``` + +If you see this in the output: + +``` +Access-Control-Allow-Origin: * +``` + +Then Pinafore should work as expected! + +Otherwise, if the instance admin would like to whitelist only certain websites (including Pinafore) to work with CORS, then they will need to make sure that the server echoes: + +``` +Access-Control-Allow-Origin: https://pinafore.social +``` + +when Pinafore tries to access it. Note that this is a bit complicated to configure (compared to the simpler `*` approach), but [there are instructions on StackOverflow](https://stackoverflow.com/q/1653308) for nginx, Apache, and other servers.