Skip to content

Instantly share code, notes, and snippets.

@aaronpk

aaronpk/gist:5846789

Last active April 6, 2025 02:26
Show Gist options
  • Save aaronpk/5846789 to your computer and use it in GitHub Desktop.
Save aaronpk/5846789 to your computer and use it in GitHub Desktop.
Download ZIP
Added WebFinger support to my email address using one rewrite rule and one static file.
Raw
gistfile1.txt
[aaron@parecki.com www]$ cat .htaccess
RewriteEngine on
RewriteCond %{QUERY_STRING} resource=acct:(.+)
RewriteRule ^\.well-known/webfinger /profile/%1? [L]
[aaron@parecki.com www]$ cat profile/aaron@parecki.com
{
"subject": "acct:aaron@parecki.com",
"links": [
{
"rel": "http://webfinger.net/rel/avatar",
"href": "http://aaronparecki.com/images/aaronpk.png"
},
{
"rel": "http://webfinger.net/rel/profile-page",
"href": "http://aaronparecki.com/"
},
{
"rel": "me",
"href": "http://aaronparecki.com/"
}
]
}
@fmarier
Copy link

fmarier commented Aug 3, 2013

I had to change the rewrite rule to this to make it work:

RewriteRule ^/.well-known/webfinger /profile/%1? [L]

(forward slash instead of backslash)

@fmarier
Copy link

fmarier commented Nov 15, 2013

Actually there are three problems with this:

  • URL-encoded query parameters are not unescaped prior to the mod_rewrite match
  • the content-type is not set
  • CORS headers are missing

Here's my version:

<Directory /var/www/profile>
    DefaultType application/json
    Header set Access-Control-Allow-Origin: "*"
</Directory>

RewriteEngine on
RewriteMap unescape int:unescape
RewriteCond ${unescape:%{QUERY_STRING}} resource=acct:(.+)
RewriteRule ^/.well-known/webfinger /profile/${unescape:%1}? [last]

This passes all of the checks on http://webfinger.net/

@Dan-Q
Copy link

Dan-Q commented Feb 4, 2019

I had to change the rewrite rule to this to make it work:

RewriteRule ^/.well-known/webfinger /profile/%1? [L]

(forward slash instead of backslash)

You need a / (unlike @aaronpk) because your RewriteBase is different. You should still have the \ to escape the ., i.e. you should use:

RewriteRule ^/\.well-known/webfinger /profile/%1? [L]

Otherwise the rule will match a small number of (probably harmless) spurious URLs, e.g. https://example.com/Awell-known/webfinger (note letter A): the . is a wildcard: escaping it means a literal dot.

@sorenpeter
Copy link

Should there be a file or folder called webfinger in the .well-known folder?

@Dan-Q
Copy link

Dan-Q commented Apr 11, 2023

@sorenpeter asked:

Should there be a file or folder called webfinger in the .well-known folder?

No, the RewriteCond and RewriteRule tells Apache, "when somebody asks for /.well-known/webfinger?resource=acct:SOMETHING, instead serve them /profile/SOMETHING". This then allows you to store static files in /profile/... for each user account represented by webfinger and it pretty-much "just works".

If the rules are working properly, you'll never need an actual file at /.well-known/webfinger.

@steelman
Copy link

steelman commented Nov 19, 2024
edited
Loading

Alas according to the documentation RewriteMap cannot be declared in a per-directory context including .htaccess. So one probably need to name their json files with %40 instead of @ or symlink them because some clients (e.g. Mastodon) send unescaped requests. This also requires to support both : and %3a

RewriteCond %{QUERY_STRING} resource=acct(:|%3[Aa])([^&]+)
RewriteRule ^\.well-known/webfinger /webfinger/%2? [NE,T=application/jrd+json;charset=UTF-8]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment