Draft: try to honour user blocks on AP requests - #248 (!456) · Merge requests · TransFem.org / Sharkey

dakkar requested to merge feature/block-users-auth-fetch-248 into develop Mar 03, 2024

What does this PR do? When asked for a user-linked AP resource, check if the remote user is blocked by the local user whose resource is being requested.

As the comment says, this doesn't really work, because requests can be signed by the remote instance actor instead of the real remote user.

E.g. Misskey (and us) seems to always sign as the instance actor when fetching notes ☹

Also, for some resources we check the signature twice. I may optimise this if we decide that it's worth the effort, at the moment I think this whole feature is probably useless given the above problem.

Contribution Guidelines By submitting this merge request, you agree to follow our Contribution Guidelines

I agree to follow this project's Contribution Guidelines
I have made sure to test this pull request

Draft: try to honour user blocks on AP requests - #248

Merge request reports