Ensure embeds will not be served if unauthenticated users could not see it

This commit is contained in:
FloatingGhost 2023-07-17 18:24:53 +01:00
parent c8904f15a2
commit 16d2bfef80
2 changed files with 7 additions and 1 deletions

View file

@ -6,10 +6,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## Unreleased
## Added
- Added a new configuration option to the MediaProxy feature that allows the blocking of specific domains from using the media proxy or being explicitly allowed by the Content-Security-Policy.
- Please make sure instances you wanted to block media from are not in the MediaProxy `whitelist`, and instead use `blocklist`.
- `OnlyMedia` Upload Filter to simplify restricting uploads to audio, image, and video types
## Fixed
- Deactivated users can no longer show up in the emoji reaction list
## 2023.05
## Added

View file

@ -16,7 +16,7 @@ defmodule Pleroma.Web.EmbedController do
def show(conn, %{"id" => id}) do
with %Activity{local: true} = activity <-
Activity.get_by_id_with_object(id),
true <- Visibility.is_public?(activity.object) do
true <- Visibility.visible_for_user?(activity.object, nil) do
{:ok, author} = User.get_or_fetch(activity.object.data["actor"])
conn