Mastodon often fails to show up-to-date context and information on posts from remote instances. This addon does that properly.

It should work reliably on mainline Mastodon versions 4.0 and up, your mileage may vary for older instances or forks.

Missing features

Installation

Make sure to open the addon settings and type in the instances it should be active on!

Questions and answers

Why do you want to "access my data on all websites" in Firefox?

The extension is provided both for desktop and mobile versions of Firefox, and it doesn't seem to support requesting permissions at runtime on Android.

I'll see if I can upload separate builds, then on desktop it will ask for permissions as needed. Rest assured, it does not do anything on the domains you haven't listed.

Well, except for the requests to the other instances to fetch things.

Does this support servers other than Mastodon?

Somewhat. Pleroma/Akkoma have a similar API, so they are now supported. Currently, I use only the Mastodon-specific API both locally and remotely, and the responses I get from the remote instances are passed on to the Web UI mostly unchanged.

Adding support for either ActivityPub itself, or other specific software (like Calckey/Misskey), will require a translation layer.

Also, in any case, fetching this information requires that it be publicly accessible in the first place. Some instances do not seem to publicly provide post context in any form.

How does this work internally?

The extension intercepts certain mastodon API HTTP requests on the selected instances.

For requests to /statuses/ID/context API, it blocks the response and makes a corresponding request to the origin server of the toot in question.

If a remote response is successfully received, it appends any toots that are missing. Since normally toots will have an ID that is local to the user's instance, instead a fake one is assigned.

If you click on a toot with a fake ID, the extension will try to intercept it and fetch the toot properly this time (via your instance's search function). This only works if you are logged in.

Since version 0.5, the interception is done by injecting a wrapper around XMLHttpRequest, since that provides more flexibility.

I also attempt to gain access to the Redux store used by the web UI. Since everything is webpacked and minified, this is actually the easiest way to interact with the app.

The parallel context loading is done by, first, intercepting a dispatched context request at the Redux store level, then dispatching the same identical for request a second time, figuring out which one is which when both are intercepted, and then handling them differently in parallel. The code for this looks absolutely ridiculous.

Is it secure?

Toot content is returned from the API calls as HTML code. Content of remote toots is passed through an HTML sanitizer to prevent any potential XSS.

Additionally, Mastodon has a strict Content-Security-Policy set by default, including no inline scripts.

So, I think it's secure enough?

Building

npm install -g pnpm # if needed

pnpm install

# build and package for Firefox (Manifest v2)
pnpm package-mv2

# build and package for Chrome (Manifest v3)
pnpm package-mv2

Development

Trying it out — Mozilla.

The extension is written in TypeScript and needs compiling and bundling.

Run pnpm watch in one terminal and web-ext run in another.

Refer to web-ext docs.