Merge branch 'warning/mastofe-settings-blob' into 'develop'

Add warning against parsing/reusing MastoFE settings blob

See merge request pleroma/pleroma!2671
This commit is contained in:
Haelwenn 2020-06-22 21:59:21 +00:00
commit 98f014d3be
2 changed files with 2 additions and 1 deletions

View file

@ -49,7 +49,7 @@ def manifest(conn, _params) do
|> render("manifest.json") |> render("manifest.json")
end end
@doc "PUT /api/web/settings" @doc "PUT /api/web/settings: Backend-obscure settings blob for MastoFE, don't parse/reuse elsewhere"
def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do
with {:ok, _} <- User.mastodon_settings_update(user, settings) do with {:ok, _} <- User.mastodon_settings_update(user, settings) do
json(conn, %{}) json(conn, %{})

View file

@ -467,6 +467,7 @@ defmodule Pleroma.Web.Router do
scope "/api/web", Pleroma.Web do scope "/api/web", Pleroma.Web do
pipe_through(:authenticated_api) pipe_through(:authenticated_api)
# Backend-obscure settings blob for MastoFE, don't parse/reuse elsewhere
put("/settings", MastoFEController, :put_settings) put("/settings", MastoFEController, :put_settings)
end end