Disable providers of user and status metadata when instance is private
This commit is contained in:
parent
630444ee08
commit
ff07014b26
3 changed files with 22 additions and 2 deletions
|
@ -16,6 +16,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
|
|
||||||
## unreleased-patch - ???
|
## unreleased-patch - ???
|
||||||
|
|
||||||
|
### Security
|
||||||
|
- Fix metadata leak for accounts and statuses on private instances
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
- Rich media failure tracking (along with `:failure_backoff` option)
|
- Rich media failure tracking (along with `:failure_backoff` option)
|
||||||
|
|
|
@ -8,8 +8,8 @@ defmodule Pleroma.Web.Metadata do
|
||||||
def build_tags(params) do
|
def build_tags(params) do
|
||||||
providers = [
|
providers = [
|
||||||
Pleroma.Web.Metadata.Providers.RestrictIndexing,
|
Pleroma.Web.Metadata.Providers.RestrictIndexing,
|
||||||
Pleroma.Web.Metadata.Providers.RelMe,
|
Pleroma.Web.Metadata.Providers.RelMe
|
||||||
| Pleroma.Config.get([__MODULE__, :providers], [])
|
| activated_providers()
|
||||||
]
|
]
|
||||||
|
|
||||||
Enum.reduce(providers, "", fn parser, acc ->
|
Enum.reduce(providers, "", fn parser, acc ->
|
||||||
|
@ -43,4 +43,12 @@ def activity_nsfw?(%{data: %{"sensitive" => sensitive}}) do
|
||||||
def activity_nsfw?(_) do
|
def activity_nsfw?(_) do
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp activated_providers do
|
||||||
|
if Pleroma.Config.get!([:instance, :public]) do
|
||||||
|
Pleroma.Config.get([__MODULE__, :providers], [])
|
||||||
|
else
|
||||||
|
[]
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -22,4 +22,13 @@ test "for local user" do
|
||||||
"<meta content=\"noindex, noarchive\" name=\"robots\">"
|
"<meta content=\"noindex, noarchive\" name=\"robots\">"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "no metadata for private instances" do
|
||||||
|
test "for local user" do
|
||||||
|
Pleroma.Config.put([:instance, :public], false)
|
||||||
|
user = insert(:user, bio: "This is my secret fedi account bio")
|
||||||
|
|
||||||
|
assert "" = Pleroma.Web.Metadata.build_tags(%{user: user})
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue