- Nov 28, 2024
-
-
Julia authored
View MR for information: TransFem-org/Sharkey!770 Approved-by: Hazelnoot <acomputerdog@gmail.com> Approved-by: Julia <julia@insertdomain.name>
-
- Nov 25, 2024
-
-
Hazelnoot authored
View MR for information: !775 Approved-by: dakkar <dakkar@thenautilus.net>
-
Hazelnoot authored
-
- Nov 22, 2024
-
-
dakkar authored
View MR for information: !771 Approved-by: dakkar <dakkar@thenautilus.net>
-
dakkar authored
when showing a reply, browser will request the replied-to avatar twice at the same time, and get confused if one of the requests is refused something similar seems to happen with videos and their previews
-
dakkar authored
the `users/lists/push` endpoint already has a limit, of 30/hour
-
dakkar authored
View MR for information: !768 Approved-by: dakkar <dakkar@thenautilus.net> Approved-by: Tess K <me@thvxl.se> Approved-by: Marie <github@yuugi.dev>
-
dakkar authored
View MR for information: !767 Approved-by: dakkar <dakkar@thenautilus.net> Approved-by: Tess K <me@thvxl.se>
-
dakkar authored
-
Tess K authored
-
Hazelnoot authored
-
Hazelnoot authored
-
- Nov 21, 2024
-
-
Julia authored
-
Julia authored
View MR for information: !764 Approved-by: Hazelnoot <acomputerdog@gmail.com>
-
Julia authored
-
Julia authored
-
Julia authored
-
Julia authored
-
Hazelnoot authored
-
Julia authored
-
-
-
-
Co-authored-by: anatawa12 <anatawa12@icloud.com>
-
-
-
Julia authored
This isn't perfect, theoretically if some massive number of users blocked the user making this request the set lookup could take a long amount of time, but eh, it works, and that scenario is highly unlikely.
-
Julia authored
-
Julia authored
This also increases the default `recursionLimit` for `Resolver`, as it theoretically will go higher that it previously would and could possibly fail on non-malicious collection activities.
-
Julia authored
Ideally, the user property should also be hidden (as leaving it in leaks information slightly), but given the schema of the note endpoint, I don't think that would be possible without introducing some kind of "ghost" user, who is attributed for posts by users who have you blocked.
-
Julia authored
One might argue that we could make this one actually preform access checks against the returned activity object, but I feel like that's a lot more work than just restricting it to administrators, since, to me at least, it seems more like a debugging tool than anything else.
-
Julia authored
-
Julia authored
-
fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array
-
-