
Convert Authorized Fetch to a setting and add support for hybrid mode

Merged Hazelnoot requested to merge fEmber/Sharkey:hazelnoot/unauthorized-user-fetch into develop

What does this MR do?

This PR reworks Authorized Fetch in several ways:

  1. The configuration file entry checkActivityPubGetSignature is deprecated and should be removed after upgrading.
  2. A new admin setting for Authorized Fetch is added under "Security". Detailed labels explain the pros and cons of each setting.
  3. A new user setting for Authorized Fetch is added under "Privacy". This allows the user to override the admin's choice, but only for their own account.
  4. Implements a new hybrid setting for Authorized Fetch, where signatures are enforced except for "essential metadata" such as Actor objects and public keys. User profiles returned in this way are redacted to remove all personal data.

When migrating, the value of checkActivityPubGetSignature will be automatically imported into the system-wide admin setting. User accounts will default to "Use staff recommendation", which falls back to the system-wide default setting.


Contribution Guidelines

By submitting this merge request, you agree to follow our Contribution Guidelines

  • I agree to follow this project's Contribution Guidelines
  • I have made sure to test this merge request
Edited by Hazelnoot
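
The decision logic this merge request describes, sketched as an added example; it is not code from the MR or from Sharkey. The mode names, the mapping of the old boolean, and the field allow-list used for redaction are assumptions made for illustration.

```typescript
// Added illustration; every identifier below is hypothetical, not Sharkey's own.
type InstanceMode = 'always' | 'essential' | 'never';  // 'essential' = hybrid mode
type UserMode = InstanceMode | 'staff';                // 'staff' = "Use staff recommendation"
type FetchTarget = 'actor' | 'publicKey' | 'other';    // what the unsigned or signed GET asks for
type Decision = 'full' | 'redacted' | 'reject';

interface Actor {
  id: string; type: string; preferredUsername: string; inbox: string;
  publicKey: { id: string; owner: string; publicKeyPem: string };
  name?: string; summary?: string; icon?: unknown; attachment?: unknown[];
}

// Migration: the deprecated boolean seeds the instance-wide setting
// (assumed mapping: true -> enforce everywhere, false -> never enforce).
function migrateLegacyFlag(checkActivityPubGetSignature: boolean): InstanceMode {
  return checkActivityPubGetSignature ? 'always' : 'never';
}

// A user's choice overrides the admin's, but only for their own account.
function effectiveMode(instance: InstanceMode, user: UserMode): InstanceMode {
  return user === 'staff' ? instance : user;
}

function decide(instance: InstanceMode, user: UserMode,
                target: FetchTarget, validSignature: boolean): Decision {
  if (validSignature) return 'full';            // signed fetches are unaffected
  const mode = effectiveMode(instance, user);
  if (mode === 'never') return 'full';
  // Hybrid: unsigned requests may still read essential metadata, redacted.
  if (mode === 'essential' && target !== 'other') return 'redacted';
  return 'reject';
}

// Allow-list redaction: copy only the fields assumed necessary for key lookup
// and delivery, so newly added profile fields are dropped by default.
function redactActor(a: Actor): Actor {
  const { id, type, preferredUsername, inbox, publicKey } = a;
  return { id, type, preferredUsername, inbox, publicKey };
}
```

Building the redacted object from an allow-list rather than deleting known personal fields means a profile field added later cannot leak through the unsigned path.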
