Skip to content
Snippets Groups Projects

Draft: try to honour user blocks on AP requests - #248

Closed dakkar requested to merge feature/block-users-auth-fetch-248 into develop

What does this PR do? When asked for a user-linked AP resource, check if the remote user is blocked by the local user whose resource is being requested.

As the comment says, this doesn't really work, because requests can be signed by the remote instance actor instead of the real remote user.

E.g. Misskey (and us) seems to always sign as the instance actor when fetching notes

Also, for some resources we check the signature twice. I may optimise this if we decide that it's worth the effort, at the moment I think this whole feature is probably useless given the above problem.

Contribution Guidelines By submitting this merge request, you agree to follow our Contribution Guidelines

  • I agree to follow this project's Contribution Guidelines
  • I have made sure to test this pull request

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply
Loading