@fedify/fedify 1.3.0-dev.482 → 1.3.0-dev.485

package/CHANGES.md

@@ -8,6 +8,30 @@ Version 1.3.0
 
 To be released.
 
+ -  Fedify now makes HTTP requests with the proper `User-Agent` header. [[#162]]
+
+     -  Added `getUserAgent()` function.
+     -  Added `GetUserAgentOptions` interface.
+     -  Added `getDocumentLoader()` function.
+     -  Added `GetDocumentLoaderOptions` interface.
+     -  The type of `getAuthenticatedDocumentLoader()` function's second
+        parameter became `GetAuthenticatedDocumentLoaderOptions | undefined`
+        (was `boolean | undefined`).
+     -  Added `GetAuthenticatedDocumentLoaderOptions` interface.
+     -  Deprecated `fetchDocumentLoader()` function.
+     -  Added `LookupObjectOptions.userAgent` option.
+     -  Added the type of `getActorHandle()` function's second parameter became
+        `GetActorHandleOptions | undefined` (was `NormalizeActorHandleOptions |
+        undefined`).
+     -  Added `GetActorHandleOptions` interface.
+     -  Added the optional second parameter to `lookupWebFinger()` function.
+     -  Added `LookupWebFingerOptions` interface.
+     -  Added `GetNodeInfoOptions.userAgent` option.
+     -  Added `-u`/--user-agent` option to `fedify lookup` subcommand.
+     -  Added `-u`/--user-agent` option to `fedify node` subcommand.
+
+[#162]: https://github.com/dahlia/fedify/issues/162
+
 
 Version 1.2.2
 -------------

package/esm/deno.js

@@ -0,0 +1,101 @@
+export default {
+    "name": "@fedify/fedify",
+    "version": "1.3.0-dev.485+cfe509f3",
+    "license": "MIT",
+    "exports": {
+        ".": "./mod.ts",
+        "./federation": "./federation/mod.ts",
+        "./nodeinfo": "./nodeinfo/mod.ts",
+        "./runtime": "./runtime/mod.ts",
+        "./sig": "./sig/mod.ts",
+        "./vocab": "./vocab/mod.ts",
+        "./webfinger": "./webfinger/mod.ts",
+        "./x/denokv": "./x/denokv.ts",
+        "./x/fresh": "./x/fresh.ts",
+        "./x/hono": "./x/hono.ts"
+    },
+    "imports": {
+        "@cfworker/json-schema": "npm:@cfworker/json-schema@^2.0.1",
+        "@david/which-runtime": "jsr:@david/which-runtime@^0.2.0",
+        "@deno/dnt": "jsr:@deno/dnt@0.41.2",
+        "@fedify/fedify": "./mod.ts",
+        "@fedify/fedify/federation": "./federation/mod.ts",
+        "@fedify/fedify/nodeinfo": "./nodeinfo/mod.ts",
+        "@fedify/fedify/runtime": "./runtime/mod.ts",
+        "@fedify/fedify/sig": "./sig/mod.ts",
+        "@fedify/fedify/vocab": "./vocab/mod.ts",
+        "@fedify/fedify/webfinger": "./webfinger/mod.ts",
+        "@fedify/fedify/x/denokv": "./x/denokv.ts",
+        "@fedify/fedify/x/fresh": "./x/fresh.ts",
+        "@fedify/fedify/x/hono": "./x/hono.ts",
+        "@hongminhee/aitertools": "jsr:@hongminhee/aitertools@^0.6.0",
+        "@hugoalh/http-header-link": "jsr:@hugoalh/http-header-link@^1.0.2",
+        "@logtape/logtape": "jsr:@logtape/logtape@^0.7.1",
+        "@phensley/language-tag": "npm:@phensley/language-tag@^1.9.0",
+        "@std/assert": "jsr:@std/assert@^0.226.0",
+        "@std/async": "jsr:@std/async@^1.0.5",
+        "@std/bytes": "jsr:@std/bytes@^1.0.2",
+        "@std/collections": "jsr:@std/collections@^1.0.6",
+        "@std/encoding": "jsr:@std/encoding@^1.0.5",
+        "@std/fs": "jsr:@std/fs@^1.0.3",
+        "@std/http": "jsr:@std/http@^1.0.6",
+        "@std/path": "jsr:@std/path@^1.0.6",
+        "@std/semver": "jsr:@std/semver@^1.0.3",
+        "@std/testing": "jsr:@std/testing@^0.224.0",
+        "@std/text": "jsr:@std/text@^1.0.6",
+        "@std/url": "jsr:@std/url@^0.225.1",
+        "@std/yaml": "jsr:@std/yaml@^0.224.3",
+        "asn1js": "npm:asn1js@^3.0.5",
+        "fast-check": "npm:fast-check@^3.22.0",
+        "json-canon": "npm:json-canon@^1.0.1",
+        "jsonld": "npm:jsonld@^8.3.2",
+        "mock_fetch": "jsr:@hongminhee/deno-mock-fetch@^0.3.2",
+        "multibase": "npm:multibase@^4.0.6",
+        "multicodec": "npm:multicodec@^3.2.1",
+        "pkijs": "npm:pkijs@^3.2.4",
+        "uri-template-router": "npm:uri-template-router@^0.0.16",
+        "url-template": "npm:url-template@^3.1.1"
+    },
+    "include": [
+        "vocab/vocab.ts"
+    ],
+    "exclude": [
+        ".git/",
+        ".github/",
+        ".vscode/",
+        ".zed/",
+        "apidoc/",
+        "cli/",
+        "codegen/schema.yaml",
+        "docs/",
+        "examples/",
+        "logo.svg",
+        "npm/",
+        "vocab/*.yaml",
+        "!vocab/vocab.ts"
+    ],
+    "tasks": {
+        "cache": "deno task codegen && deno cache mod.ts",
+        "check": "deno task codegen && deno fmt --check && deno lint && deno check */*.ts",
+        "codegen": "deno run --allow-read --allow-write --check codegen/main.ts vocab/ ../runtime/ > vocab/vocab.ts && deno fmt vocab/vocab.ts && deno cache vocab/vocab.ts && deno check vocab/vocab.ts",
+        "test-without-codegen": "deno test --check --doc --allow-read --allow-write --allow-env --unstable-kv --trace-leaks",
+        "test": "deno task codegen && deno task test-without-codegen",
+        "coverage": "rm -rf coverage/ && deno task test --coverage && deno coverage --html coverage",
+        "bench": "deno task codegen && deno bench --allow-read --allow-write --allow-net --allow-env --allow-run --unstable-kv",
+        "apidoc": "deno task codegen && deno doc --html --name=Fedify --output=apidoc/ mod.ts",
+        "check-version": "deno run ../cli/scripts/check_version.ts",
+        "publish": "deno task codegen && deno publish",
+        "dnt-without-codegen": "deno run -A dnt.ts",
+        "dnt": "deno task codegen && deno task dnt-without-codegen",
+        "test-all": "deno task check && deno task test-without-codegen && deno task dnt-without-codegen && cd npm/ && bun run ./test_runner.js && cd ../",
+        "update": "deno run --allow-env --allow-read --allow-write=. --allow-run=git,deno --allow-net=jsr.io,registry.npmjs.org jsr:@molt/cli ./*.ts",
+        "update:commit": "deno task -q update --commit --pre-commit=fmt,lint",
+        "hooks:install": "deno run --allow-read=deno.json,.git/hooks/ --allow-write=.git/hooks/ jsr:@hongminhee/deno-task-hooks",
+        "hooks:pre-commit": "deno task check && deno task check-version"
+    },
+    "unstable": [
+        "kv",
+        "temporal"
+    ],
+    "lock": false
+};

package/esm/federation/middleware.js

@@ -1,7 +1,7 @@
 import * as dntShim from "../_dnt.shims.js";
 import { getLogger, withContext } from "@logtape/logtape";
 import { handleNodeInfo, handleNodeInfoJrd } from "../nodeinfo/handler.js";
-import { fetchDocumentLoader, getAuthenticatedDocumentLoader, kvCache, } from "../runtime/docloader.js";
+import { getAuthenticatedDocumentLoader, getDocumentLoader, kvCache, } from "../runtime/docloader.js";
 import { verifyRequest } from "../sig/http.js";
 import { exportJwk, importJwk, validateCryptoKey } from "../sig/key.js";
 import { hasSignature, signJsonLd } from "../sig/ld.js";
@@ -50,6 +50,7 @@ export class FederationImpl {
     documentLoader;
     contextLoader;
     authenticatedDocumentLoaderFactory;
+    userAgent;
     onOutboxError;
     signatureTimeWindow;
     skipSignatureVerification;
@@ -75,31 +76,34 @@ export class FederationImpl {
         this.router.add("/.well-known/nodeinfo", "nodeInfoJrd");
         this.objectCallbacks = {};
         this.objectTypeIds = {};
-        if (options.allowPrivateAddress) {
+        if (options.allowPrivateAddress || options.userAgent != null) {
             if (options.documentLoader != null) {
-                throw new TypeError("Cannot set documentLoader with allowPrivateAddress turned on.");
+                throw new TypeError("Cannot set documentLoader with allowPrivateAddress or " +
+                    "userAgent options.");
             }
             else if (options.contextLoader != null) {
-                throw new TypeError("Cannot set contextLoader with allowPrivateAddress turned on.");
+                throw new TypeError("Cannot set contextLoader with allowPrivateAddress or " +
+                    "userAgent options.");
             }
             else if (options.authenticatedDocumentLoaderFactory != null) {
                 throw new TypeError("Cannot set authenticatedDocumentLoaderFactory with " +
-                    "allowPrivateAddress turned on.");
+                    "allowPrivateAddress or userAgent options.");
             }
         }
+        const { allowPrivateAddress, userAgent } = options;
         this.documentLoader = options.documentLoader ?? kvCache({
-            loader: options.allowPrivateAddress
-                ? (url) => fetchDocumentLoader(url, true)
-                : fetchDocumentLoader,
+            loader: getDocumentLoader({ allowPrivateAddress, userAgent }),
             kv: options.kv,
             prefix: this.kvPrefixes.remoteDocument,
         });
         this.contextLoader = options.contextLoader ?? this.documentLoader;
         this.authenticatedDocumentLoaderFactory =
             options.authenticatedDocumentLoaderFactory ??
-                (options.allowPrivateAddress
-                    ? (identity) => getAuthenticatedDocumentLoader(identity, true)
-                    : getAuthenticatedDocumentLoader);
+                ((identity) => getAuthenticatedDocumentLoader(identity, {
+                    allowPrivateAddress,
+                    userAgent,
+                }));
+        this.userAgent = userAgent;
         this.onOutboxError = options.onOutboxError;
         this.signatureTimeWindow = options.signatureTimeWindow ?? { hours: 1 };
         this.skipSignatureVerification = options.skipSignatureVerification ?? false;
@@ -1554,6 +1558,7 @@ export class ContextImpl {
         return lookupObject(identifier, {
             documentLoader: options.documentLoader ?? this.documentLoader,
             contextLoader: options.contextLoader ?? this.contextLoader,
+            userAgent: options.userAgent ?? this.federation.userAgent,
         });
     }
     traverseCollection(collection, options = {}) {

package/esm/nodeinfo/client.js

@@ -1,12 +1,20 @@
 import { getLogger } from "@logtape/logtape";
 import { parse } from "../deps/jsr.io/@std/semver/1.0.3/mod.js";
+import { getUserAgent, } from "../runtime/docloader.js";
 const logger = getLogger(["fedify", "nodeinfo", "client"]);
 export async function getNodeInfo(url, options = {}) {
     try {
         let nodeInfoUrl = url;
         if (!options.direct) {
             const wellKnownUrl = new URL("/.well-known/nodeinfo", url);
-            const wellKnownResponse = await fetch(wellKnownUrl);
+            const wellKnownResponse = await fetch(wellKnownUrl, {
+                headers: {
+                    Accept: "application/json",
+                    "User-Agent": typeof options.userAgent === "string"
+                        ? options.userAgent
+                        : getUserAgent(options.userAgent),
+                },
+            });
             if (!wellKnownResponse.ok) {
                 logger.error("Failed to fetch {url}: {status} {statusText}", {
                     url: wellKnownUrl.href,
@@ -28,7 +36,14 @@ export async function getNodeInfo(url, options = {}) {
             }
             nodeInfoUrl = link.href;
         }
-        const response = await fetch(nodeInfoUrl);
+        const response = await fetch(nodeInfoUrl, {
+            headers: {
+                Accept: "application/json",
+                "User-Agent": typeof options.userAgent === "string"
+                    ? options.userAgent
+                    : getUserAgent(options.userAgent),
+            },
+        });
         if (!response.ok) {
             logger.error("Failed to fetch NodeInfo document from {url}: {status} {statusText}", {
                 url: nodeInfoUrl.toString(),

package/esm/runtime/docloader.js

@@ -1,6 +1,8 @@
 import * as dntShim from "../_dnt.shims.js";
 import { HTTPHeaderLink } from "@hugoalh/http-header-link";
 import { getLogger } from "@logtape/logtape";
+import process from "node:process";
+import metadata from "../deno.js";
 import { signRequest } from "../sig/http.js";
 import { validateCryptoKey } from "../sig/key.js";
 import preloadedContexts from "./contexts.js";
@@ -26,10 +28,13 @@ export class FetchError extends Error {
         this.url = typeof url === "string" ? new URL(url) : url;
     }
 }
-function createRequest(url) {
+function createRequest(url, options = {}) {
     return new Request(url, {
         headers: {
             Accept: "application/activity+json, application/ld+json",
+            "User-Agent": typeof options.userAgent === "string"
+                ? options.userAgent
+                : getUserAgent(options.userAgent),
         },
         redirect: "manual",
     });
@@ -125,6 +130,65 @@ async function getRemoteDocument(url, response, fetch) {
         documentUrl,
     };
 }
+/**
+ * Creates a JSON-LD document loader that utilizes the browser's `fetch` API.
+ *
+ * The created loader preloads the below frequently used contexts by default
+ * (unless `options.ignorePreloadedContexts` is set to `true`):
+ *
+ * - <https://www.w3.org/ns/activitystreams>
+ * - <https://w3id.org/security/v1>
+ * - <https://w3id.org/security/data-integrity/v1>
+ * - <https://www.w3.org/ns/did/v1>
+ * - <https://w3id.org/security/multikey/v1>
+ * - <https://purl.archive.org/socialweb/webfinger>
+ * - <http://schema.org/>
+ * @param options Options for the document loader.
+ * @returns The document loader.
+ * @since 1.3.0
+ */
+export function getDocumentLoader({ allowPrivateAddress, skipPreloadedContexts, userAgent } = {}) {
+    async function load(url) {
+        if (!skipPreloadedContexts && url in preloadedContexts) {
+            logger.debug("Using preloaded context: {url}.", { url });
+            return {
+                contextUrl: null,
+                document: preloadedContexts[url],
+                documentUrl: url,
+            };
+        }
+        if (!allowPrivateAddress) {
+            try {
+                await validatePublicUrl(url);
+            }
+            catch (error) {
+                if (error instanceof UrlError) {
+                    logger.error("Disallowed private URL: {url}", { url, error });
+                }
+                throw error;
+            }
+        }
+        const request = createRequest(url, { userAgent });
+        logRequest(request);
+        const response = await fetch(request, {
+            // Since Bun has a bug that ignores the `Request.redirect` option,
+            // to work around it we specify `redirect: "manual"` here too:
+            // https://github.com/oven-sh/bun/issues/10754
+            redirect: "manual",
+        });
+        // Follow redirects manually to get the final URL:
+        if (response.status >= 300 && response.status < 400 &&
+            response.headers.has("Location")) {
+            return load(response.headers.get("Location"));
+        }
+        return getRemoteDocument(url, response, load);
+    }
+    return load;
+}
+const _fetchDocumentLoader = getDocumentLoader();
+const _fetchDocumentLoader_allowPrivateAddress = getDocumentLoader({
+    allowPrivateAddress: true,
+});
 /**
  * A JSON-LD document loader that utilizes the browser's `fetch` API.
  *
@@ -135,45 +199,20 @@ async function getRemoteDocument(url, response, fetch) {
  * - <https://w3id.org/security/data-integrity/v1>
  * - <https://www.w3.org/ns/did/v1>
  * - <https://w3id.org/security/multikey/v1>
+ * - <https://purl.archive.org/socialweb/webfinger>
+ * - <http://schema.org/>
  * @param url The URL of the document to load.
  * @param allowPrivateAddress Whether to allow fetching private network
  *                            addresses.  Turned off by default.
  * @returns The remote document.
+ * @deprecated Use {@link getDocumentLoader} instead.
  */
-export async function fetchDocumentLoader(url, allowPrivateAddress = false) {
-    if (url in preloadedContexts) {
-        logger.debug("Using preloaded context: {url}.", { url });
-        return {
-            contextUrl: null,
-            document: preloadedContexts[url],
-            documentUrl: url,
-        };
-    }
-    if (!allowPrivateAddress) {
-        try {
-            await validatePublicUrl(url);
-        }
-        catch (error) {
-            if (error instanceof UrlError) {
-                logger.error("Disallowed private URL: {url}", { url, error });
-            }
-            throw error;
-        }
-    }
-    const request = createRequest(url);
-    logRequest(request);
-    const response = await fetch(request, {
-        // Since Bun has a bug that ignores the `Request.redirect` option,
-        // to work around it we specify `redirect: "manual"` here too:
-        // https://github.com/oven-sh/bun/issues/10754
-        redirect: "manual",
-    });
-    // Follow redirects manually to get the final URL:
-    if (response.status >= 300 && response.status < 400 &&
-        response.headers.has("Location")) {
-        return fetchDocumentLoader(response.headers.get("Location"), allowPrivateAddress);
-    }
-    return getRemoteDocument(url, response, (url) => fetchDocumentLoader(url, allowPrivateAddress));
+export function fetchDocumentLoader(url, allowPrivateAddress = false) {
+    logger.warn("fetchDocumentLoader() function is deprecated.  " +
+        "Use getDocumentLoader() function instead.");
+    return (allowPrivateAddress
+        ? _fetchDocumentLoader_allowPrivateAddress
+        : _fetchDocumentLoader)(url);
 }
 /**
  * Gets an authenticated {@link DocumentLoader} for the given identity.
@@ -181,13 +220,12 @@ export async function fetchDocumentLoader(url, allowPrivateAddress = false) {
  * the fetched documents.
  * @param identity The identity to get the document loader for.
  *                 The actor's key pair.
- * @param allowPrivateAddress Whether to allow fetching private network
- *                            addresses.  Turned off by default.
+ * @param options The options for the document loader.
  * @returns The authenticated document loader.
  * @throws {TypeError} If the key is invalid or unsupported.
  * @since 0.4.0
  */
-export function getAuthenticatedDocumentLoader(identity, allowPrivateAddress = false) {
+export function getAuthenticatedDocumentLoader(identity, { allowPrivateAddress, userAgent } = {}) {
     validateCryptoKey(identity.privateKey);
     async function load(url) {
         if (!allowPrivateAddress) {
@@ -201,7 +239,7 @@ export function getAuthenticatedDocumentLoader(identity, allowPrivateAddress = f
                 throw error;
             }
         }
-        let request = createRequest(url);
+        let request = createRequest(url, { userAgent });
         request = await signRequest(request, identity.privateKey, identity.keyId);
         logRequest(request);
         const response = await fetch(request, {
@@ -268,3 +306,27 @@ export function kvCache({ loader, kv, prefix, rules }) {
         return cache;
     };
 }
+/**
+ * Gets the user agent string for the given application and URL.
+ * @param options The options for making the user agent string.
+ * @returns The user agent string.
+ * @since 1.3.0
+ */
+export function getUserAgent({ software, url } = {}) {
+    const fedify = `Fedify/${metadata.version}`;
+    const runtime = "Deno" in dntShim.dntGlobalThis
+        ? `Deno/${dntShim.Deno.version.deno}`
+        : "Bun" in dntShim.dntGlobalThis
+            // @ts-ignore: `Bun` is a global variable in Bun
+            ? `Bun/${Bun.version}`
+            : "process" in dntShim.dntGlobalThis
+                ? `Node.js/${process.version}`
+                : null;
+    const userAgent = software == null ? [fedify] : [software, fedify];
+    if (runtime != null)
+        userAgent.push(runtime);
+    if (url != null)
+        userAgent.push(`+${url.toString()}`);
+    const first = userAgent.shift();
+    return `${first} (${userAgent.join("; ")})`;
+}

package/esm/sig/key.js

@@ -1,6 +1,6 @@
 import * as dntShim from "../_dnt.shims.js";
 import { getLogger } from "@logtape/logtape";
-import { fetchDocumentLoader, } from "../runtime/docloader.js";
+import { getDocumentLoader, } from "../runtime/docloader.js";
 import { isActor } from "../vocab/actor.js";
 import { CryptographicKey, Object } from "../vocab/vocab.js";
 /**
@@ -123,7 +123,7 @@ cls, { documentLoader, contextLoader, keyCache } = {}) {
     logger.debug("Fetching key {keyId} to verify signature...", { keyId });
     let document;
     try {
-        const remoteDocument = await (documentLoader ?? fetchDocumentLoader)(keyId);
+        const remoteDocument = await (documentLoader ?? getDocumentLoader())(keyId);
         document = remoteDocument.document;
     }
     catch (_) {

package/esm/sig/ld.js

@@ -4,7 +4,7 @@ import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/1.0.5/b
 import { encodeHex } from "../deps/jsr.io/@std/encoding/1.0.5/hex.js";
 // @ts-ignore TS7016
 import jsonld from "jsonld";
-import { fetchDocumentLoader, } from "../runtime/docloader.js";
+import { getDocumentLoader, } from "../runtime/docloader.js";
 import { Activity, CryptographicKey, Object } from "../vocab/vocab.js";
 import { fetchKey, validateCryptoKey } from "./key.js";
 const logger = getLogger(["fedify", "sig", "ld"]);
@@ -200,7 +200,7 @@ export async function verifyJsonLd(jsonLd, options = {}) {
 async function hashJsonLd(jsonLd, contextLoader) {
     const canon = await jsonld.canonize(jsonLd, {
         format: "application/n-quads",
-        documentLoader: contextLoader ?? fetchDocumentLoader,
+        documentLoader: contextLoader ?? getDocumentLoader(),
     });
     const encoder = new TextEncoder();
     const hash = await dntShim.crypto.subtle.digest("SHA-256", encoder.encode(canon));

package/esm/sig/owner.js

@@ -1,4 +1,4 @@
-import { fetchDocumentLoader, } from "../runtime/docloader.js";
+import { getDocumentLoader, } from "../runtime/docloader.js";
 import { isActor } from "../vocab/actor.js";
 import { CryptographicKey, Object as ASObject, } from "../vocab/vocab.js";
 export { exportJwk, generateCryptoKeyPair, importJwk } from "./key.js";
@@ -32,8 +32,8 @@ export async function doesActorOwnKey(activity, key, options) {
  *          owner.
  */
 export async function getKeyOwner(keyId, options) {
-    const documentLoader = options.documentLoader ?? fetchDocumentLoader;
-    const contextLoader = options.contextLoader ?? fetchDocumentLoader;
+    const documentLoader = options.documentLoader ?? getDocumentLoader();
+    const contextLoader = options.contextLoader ?? getDocumentLoader();
     let object;
     if (keyId instanceof CryptographicKey) {
         object = keyId;

package/esm/vocab/actor.js

@@ -67,7 +67,7 @@ export function getActorClassByTypeName(typeName) {
  * ```
  *
  * @param actor The actor or actor URI to get the handle from.
- * @param options The options for normalizing the actor handle.
+ * @param options The extra options for getting the actor handle.
  * @returns The actor handle.  It starts with `@` and is followed by the
  *          username and domain, separated by `@` by default (it can be
  *          customized with the options).
@@ -78,7 +78,9 @@ export function getActorClassByTypeName(typeName) {
 export async function getActorHandle(actor, options = {}) {
     const actorId = actor instanceof URL ? actor : actor.id;
     if (actorId != null) {
-        const result = await lookupWebFinger(actorId);
+        const result = await lookupWebFinger(actorId, {
+            userAgent: options.userAgent,
+        });
         if (result != null) {
             const aliases = [...(result.aliases ?? [])];
             if (result.subject != null)
@@ -88,7 +90,7 @@ export async function getActorHandle(actor, options = {}) {
                 if (match != null) {
                     const hostname = new URL(`https://${match[2]}/`).hostname;
                     if (hostname !== actorId.hostname &&
-                        !await verifyCrossOriginActorHandle(actorId.href, alias)) {
+                        !await verifyCrossOriginActorHandle(actorId.href, alias, options.userAgent)) {
                         continue;
                     }
                     return normalizeActorHandle(`@${match[1]}@${match[2]}`, options);
@@ -102,8 +104,8 @@ export async function getActorHandle(actor, options = {}) {
     }
     throw new TypeError("Actor does not have enough information to get the handle.");
 }
-async function verifyCrossOriginActorHandle(actorId, alias) {
-    const response = await lookupWebFinger(alias);
+async function verifyCrossOriginActorHandle(actorId, alias, userAgent) {
+    const response = await lookupWebFinger(alias, { userAgent });
     if (response == null)
         return false;
     for (const alias of response.aliases ?? []) {

package/esm/vocab/lookup.js

@@ -1,7 +1,7 @@
 import * as dntShim from "../_dnt.shims.js";
 import { getLogger } from "@logtape/logtape";
 import { delay } from "../deps/jsr.io/@std/async/1.0.8/delay.js";
-import { fetchDocumentLoader, } from "../runtime/docloader.js";
+import { getDocumentLoader, } from "../runtime/docloader.js";
 import { lookupWebFinger } from "../webfinger/lookup.js";
 import { Object } from "./vocab.js";
 const logger = getLogger(["fedify", "vocab", "lookup"]);
@@ -39,7 +39,8 @@ const handleRegexp = /^@?((?:[-A-Za-z0-9._~!$&'()*+,;=]|%[A-Fa-f0-9]{2})+)@([^@]
  * @since 0.2.0
  */
 export async function lookupObject(identifier, options = {}) {
-    const documentLoader = options.documentLoader ?? fetchDocumentLoader;
+    const documentLoader = options.documentLoader ??
+        getDocumentLoader({ userAgent: options.userAgent });
     if (typeof identifier === "string") {
         const match = handleRegexp.exec(identifier);
         if (match)
@@ -57,7 +58,9 @@ export async function lookupObject(identifier, options = {}) {
         }
     }
     if (document == null) {
-        const jrd = await lookupWebFinger(identifier);
+        const jrd = await lookupWebFinger(identifier, {
+            userAgent: options.userAgent,
+        });
         if (jrd?.links == null)
             return null;
         for (const l of jrd.links) {