Ensure embeds will not be served if unauthenticated users could not see it
This commit is contained in:
parent
c8904f15a2
commit
16d2bfef80
2 changed files with 7 additions and 1 deletions
|
@ -6,10 +6,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
|
||||
## Unreleased
|
||||
|
||||
## Added
|
||||
|
||||
- Added a new configuration option to the MediaProxy feature that allows the blocking of specific domains from using the media proxy or being explicitly allowed by the Content-Security-Policy.
|
||||
- Please make sure instances you wanted to block media from are not in the MediaProxy `whitelist`, and instead use `blocklist`.
|
||||
- `OnlyMedia` Upload Filter to simplify restricting uploads to audio, image, and video types
|
||||
|
||||
## Fixed
|
||||
|
||||
- Deactivated users can no longer show up in the emoji reaction list
|
||||
|
||||
## 2023.05
|
||||
|
||||
## Added
|
||||
|
|
|
@ -16,7 +16,7 @@ defmodule Pleroma.Web.EmbedController do
|
|||
def show(conn, %{"id" => id}) do
|
||||
with %Activity{local: true} = activity <-
|
||||
Activity.get_by_id_with_object(id),
|
||||
true <- Visibility.is_public?(activity.object) do
|
||||
true <- Visibility.visible_for_user?(activity.object, nil) do
|
||||
{:ok, author} = User.get_or_fetch(activity.object.data["actor"])
|
||||
|
||||
conn
|
||||
|
|
Loading…
Reference in a new issue