AkkomaGang
/
akkoma-fe
4
13
Fork 56
Code Issues 72 Pull Requests 16 Projects Releases 1 Wiki Activity

[bug] repeats are shown broken with restrict_unauthenticated, should be hidden entirely #302

New Issue
Closed
opened 2023-04-17 20:46:16 +00:00 by YokaiRick · 4 comments
YokaiRick commented 2023-04-17 20:46:16 +00:00
Copy Link

Version

1f943ce8a5

What were you trying to do?

i want use these restrict_unauthenticated settings:

config :pleroma, :restrict_unauthenticated,
  timelines: %{local: false, federated: true},
  profiles: %{local: false, remote: true},
  activities: %{local: false, remote: true}

This way any not logged in user can see (as intended) my profile and my posts.
But they can also see my repeats, and in a kinda broken way, like in this attached screenshot.

Link to the post: https://outerheaven.club/notice/AUboaPhJm6UOhlOqci

(i used outerheaven, cause i already reverted my settings as a workaround -> currently i let display remote profiles)

What did you expect to happen?

I think they should be hidden completely, cause this kinda dissents the activities: %{local: false, remote: true} setting

What actually happened?

Ppl can see remote posts, in a broken way.

Severity

I cannot use it as easily as I'd like

Have you searched for this issue?

  • I have double-checked and have not found this issue mentioned anywhere.
### Version 1f943ce8a5e5205637b6f446c7ff4b6fff559454 ### What were you trying to do? i want use these restrict_unauthenticated settings: ``` config :pleroma, :restrict_unauthenticated, timelines: %{local: false, federated: true}, profiles: %{local: false, remote: true}, activities: %{local: false, remote: true} ``` This way any not logged in user can see (as intended) my profile and my posts. But they can also see my repeats, and in a kinda broken way, like in this attached screenshot. Link to the post: https://outerheaven.club/notice/AUboaPhJm6UOhlOqci (i used outerheaven, cause i already reverted my settings as a workaround -> currently i let display remote profiles) ### What did you expect to happen? I think they should be hidden completely, cause this kinda dissents the `activities: %{local: false, remote: true}` setting ### What actually happened? Ppl can see remote posts, in a broken way. ### Severity I cannot use it as easily as I'd like ### Have you searched for this issue? - [x] I have double-checked and have not found this issue mentioned anywhere.
1681763570-grim.png
39 KiB
1681763570-grim.png
YokaiRick commented 2023-04-17 20:49:52 +00:00
Author
Copy Link

fun fact, i just discovered the post only loads if i click on the '4days ago' thread link in the same tab. if i open it any other tab it doesn't load as intended 🤔

aka you can reproduce this this way:

  1. set :restrict_unauthenticated settings as above
  2. repeat a remote post
  3. open a private tab, go to your profile, there you see the broken post repeated
  4. if you click on the thread url the broken post opens in the same tab.
  5. if you copy the thread url and open another private tab, past the link, the post doesn't get shown as intended.

hopefully my description isn't too confusing

fun fact, i just discovered the post only loads if i click on the '4days ago' thread link in the same tab. if i open it any other tab it doesn't load as intended 🤔 aka you can reproduce this this way: 1. set :restrict_unauthenticated settings as above 2. repeat a remote post 3. open a private tab, go to your profile, there you see the broken post repeated 4. if you click on the thread url the broken post opens in the same tab. 5. if you copy the thread url and open another private tab, past the link, the post doesn't get shown as intended. hopefully my description isn't too confusing
Mergan added the
Bug
 label 2023-04-25 17:51:28 +00:00
XxXCertifiedForkliftDriverXxX commented 2023-06-15 13:08:21 +00:00
Copy Link

Howdy! As a certified forklift driver, I noticed that there seems to be a bug in the Akkoma backend. Specifically, it looks like the API is returning data that it shouldn't be returning. This is an issue that could compromise the security and privacy of users on the fediverse. I recommend moving this issue over to the backend project so developers can take a closer look and figure out what's going on. Let's make sure we get this sorted out to ensure that everyone's information is kept safe and secure. Thanks for reporting this bug!

Howdy! As a certified forklift driver, I noticed that there seems to be a bug in the Akkoma backend. Specifically, it looks like the API is returning data that it shouldn't be returning. This is an issue that could compromise the security and privacy of users on the fediverse. I recommend moving this issue over to the backend project so developers can take a closer look and figure out what's going on. Let's make sure we get this sorted out to ensure that everyone's information is kept safe and secure. Thanks for reporting this bug!
YokaiRick commented 2023-07-20 20:53:50 +00:00
Author
Copy Link

yeah, i was also not sure if its a frontend or backend issue.. and sorry i misunderstood you, i thought you would move it to the backend repo. i'll do it now

yeah, i was also not sure if its a frontend or backend issue.. and sorry i misunderstood you, i thought you would move it to the backend repo. i'll do it now
YokaiRick commented 2023-07-20 21:08:43 +00:00
Author
Copy Link

Moved to Backend Issues AkkomaGang/akkoma#597

Moved to Backend Issues AkkomaGang/akkoma#597
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
develop
translations
stable
dm-privacy
paginate-follow-requests
link-verification
cypress
i18n
branch-artifact
marked-mfm
build-on-merge
woodpecker
v3.11.0
v3.10.0
2023.05
2023.04
2023.03
2.4.5-2
2.4.5-1
2.4.5
2.4.4-1
2.4.4
2.4.3
ci-1
ci-0
2.4.2
2.4.0
2.3.0
2.2.3
2.2.2
2.2.1
2.2.0
2.1.2
2.1.1
2.1.0
2.0.5
2.0.3
2.0.2
0.9.999
0.9.99
0.9.9
Labels
Clear labels   
a11y

Issues and PRs about accessibility

  
Bug

Applies to issues describing bugs

  
Bug fix

Pull requests that squash bugs

  
Critical Priority

   
Documentation

  
Feature

Pull requests that implement new features

  
Feature request

Issues that request new features

  
Held for next release cycle

PR reviewed during release candidate phase, approved and held as PR

  
High Priority

   
Low Priority

   
Medium Priority

   
Minor change

For minor changes, ie CSS alignment changes

  
Translation/Locale

For changes related to translations

  
WIP

Work in progress

No Label
a11y
Bug
Bug fix
Critical Priority
Documentation
Feature
Feature request
Held for next release cycle
High Priority
Low Priority
Medium Priority
Minor change
Translation/Locale
WIP
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma-fe#302
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?