Check if data is visible before embedding it in OG tags #741

Merged

floatingghost merged 1 commits from ograph-restrictions into develop 2024-04-12 17:23:00 +00:00

Conversation 0 Commits 1 Files Changed 6 +115 -25

floatingghost commented 2024-04-12 04:42:41 +00:00

Owner

Copy Link

previously we would uncritically take data and format it into
tags for static-fe and the like - however, instances can be
configured to disallow unauthenticated access to these resources.

this means that OG tags as a vector for information leakage.

technically this should only occur if you have both
restrict_unauthenticated AND you run static-fe, which makes no
sense since static-fe is for unauthenticated people in particular,
but hey ho.

previously we would uncritically take data and format it into tags for static-fe and the like - however, instances can be configured to disallow unauthenticated access to these resources. this means that OG tags as a vector for information leakage. _technically_ this should only occur if you have both restrict_unauthenticated *AND* you run static-fe, which makes no sense since static-fe is for unauthenticated people in particular, but hey ho.

floatingghost added 1 commit 2024-04-12 04:42:41 +00:00

05f8179d08 check if data is visible before embedding it in OG tags ...

previously we would uncritically take data and format it into
tags for static-fe and the like - however, instances can be
configured to disallow unauthenticated access to these resources.

this means that OG tags as a vector for information leakage.

_technically_ this should only occur if you have both
restrict_unauthenticated *AND* you run static-fe, which makes no
sense since static-fe is for unauthenticated people in particular,
but hey ho.

floatingghost merged commit 6ba80aaff5 into develop 2024-04-12 17:23:00 +00:00

floatingghost deleted branch ograph-restrictions 2024-04-12 17:23:00 +00:00

floatingghost referenced this issue from a commit 2024-04-12 17:23:01 +00:00

Merge pull request 'Check if data is visible before embedding it in OG tags' (#741) from ograph-restrictions into develop

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

approved, awaiting change

  

bug

Something is not working

  

configuration

This requires config changes

  

documentation

This is about human-readable docs

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

extremely low priority

  

feature request

Something new?

  

Fix it yourself

Support has been attempted

  

help wanted

Need some help

  

invalid

Something is wrong

  

mastodon_api

  

needs docs

  

needs tests

  

not a bug

  

planned

  

pleroma_api

  

privacy

  

question

More information is needed

  

static_fe

  

triage

  

wontfix

This won't be fixed

No Label

approved, awaiting change

bug

configuration

documentation

duplicate

enhancement

extremely low priority

feature request

Fix it yourself

help wanted

invalid

mastodon_api

needs docs

needs tests

not a bug

planned

pleroma_api

privacy

question

static_fe

triage

wontfix

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma#741

No description provided.