Has this been fixed since the article came out in December?
Former Truth Social developer behind Soapbox and Rebased has come up with a sneaky workaround to how Authorized Fetch functions: if your domain is blocked for a fetch, just sign it with a different domain name instead, using an A record that points back to the receiving instance. #MastoAdmin
https://wedistribute.org/2023/12/authorized-fetch-circumvented/
Authorized Fetch Circumvented by Alt-Right Developers
We've criticized the security and privacy mechanisms of Mastodon in the past, but this new development should be eye-opening. Alex Gleason, the former Truth Social developer behind Soapbox and RebasedSean Tilley (We Distribute)