- Nov 21, 2024
-
-
Hazelnoot authored
-
Hazelnoot authored
-
Hazelnoot authored
-
Hazelnoot authored
-
Julia authored
-
Julia authored
-
Julia authored
View MR for information: !764 Approved-by: Hazelnoot <acomputerdog@gmail.com>
-
Julia authored
-
Julia authored
-
Julia authored
-
Julia authored
-
Hazelnoot authored
-
Julia authored
-
-
-
-
Co-authored-by: anatawa12 <anatawa12@icloud.com>
-
-
-
Julia authored
This isn't perfect, theoretically if some massive number of users blocked the user making this request the set lookup could take a long amount of time, but eh, it works, and that scenario is highly unlikely.
-
Julia authored
-
Julia authored
This also increases the default `recursionLimit` for `Resolver`, as it theoretically will go higher that it previously would and could possibly fail on non-malicious collection activities.
-
Julia authored
Ideally, the user property should also be hidden (as leaving it in leaks information slightly), but given the schema of the note endpoint, I don't think that would be possible without introducing some kind of "ghost" user, who is attributed for posts by users who have you blocked.
-
Julia authored
One might argue that we could make this one actually preform access checks against the returned activity object, but I feel like that's a lot more work than just restricting it to administrators, since, to me at least, it seems more like a debugging tool than anything else.
-
Julia authored
-
Julia authored
-
fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array
-
-
-
Julia authored
-
-
Julia authored
-
fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name
-
-
-