keith/barkey
1
0
Fork 0
mirror of https://codeberg.org/yeentown/barkey synced 2024-11-21 17:55:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix: primitive 18: ap/get bypasses access checks

Browse source 
One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
This commit is contained in:
Julia Johannesen 2024-11-14 21:23:27 -05:00
parent c04f344049
commit cbf8cc376e
No known key found for this signature in database
GPG key ID: 4A1377AF3E7FBC46
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
packages/backend/src/server/api/endpoints/ap/get.ts
View file

@ -11,6 +11,7 @@ import { ApResolverService } from '@/core/activitypub/ApResolverService.js';
export const meta = { export const meta = {
tags: ['federation'], tags: ['federation'],
requireAdmin: true,
requireCredential: true, requireCredential: true,
kind: 'read:federation', kind: 'read:federation',