Private profile leak status
Environment
- Installation type (OTP or From Source): Source
- Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): Pleroma+soapbox 2.5.52-440-g7fd0b309.develop
- Elixir version (`elixir -v` for from source installations, N/A for OTP):
- Operating system: Ubuntu 20
- PostgreSQL version (`psql -V`):
Bug description
I noticed that for profiles that are private, their statuses are still visible on the profile or even on the timeline to unauthorized users or even unauthenticated users; you can see posts and everything.
I'm developing a method on the soapbox frontend that blocks the view doing some comparisons.
isLocked && ownAccount?.id !== account?.id && account?.relationship?.following
But I believe that the fastest way to do this would be to change the API in Pleroma so that, when it returns the visibility type of the post, if the account is blocked and the post is not unlisted, it always returns "only followers" instead of public.
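
The rule proposed in this report, written out as a visibility filter. This is an added example, not part of the original report and not Pleroma or Soapbox code. The function names are hypothetical, and the field names (`account.locked`, `visibility`, `following`) are assumed to follow the Mastodon-compatible API entities.

```javascript
// Added example: function names are hypothetical; field names are assumed to
// follow the Mastodon-compatible API entities.

// Rule proposed in the report: a locked account's "public" posts are treated
// as followers-only ("private"); unlisted, private and direct are unchanged.
function effectiveVisibility(status) {
  if (status.account.locked && status.visibility === 'public') return 'private';
  return status.visibility;
}

// viewer is null for unauthenticated requests; relationships maps
// account id -> { following: boolean } from the viewer's point of view.
function canView(status, viewer, relationships = {}) {
  const isOwner = viewer !== null && viewer.id === status.account.id;
  if (isOwner) return true;
  switch (effectiveVisibility(status)) {
    case 'public':
    case 'unlisted':
      return true;
    case 'private':
      return viewer !== null && relationships[status.account.id]?.following === true;
    default:
      // 'direct' or an unknown value: mentions are not modelled here, so fail closed.
      return false;
  }
}

function filterTimeline(statuses, viewer, relationships) {
  return statuses.filter((s) => canView(s, viewer, relationships));
}

// Constructed sample data: alice is locked, bob is not.
const alice = { id: '1', locked: true };
const bob = { id: '2', locked: false };
const timeline = [
  { id: 'a', account: alice, visibility: 'public' },
  { id: 'b', account: alice, visibility: 'unlisted' },
  { id: 'c', account: bob, visibility: 'public' },
  { id: 'd', account: alice, visibility: 'private' },
];

// Unauthenticated viewer: alice's public and private posts are withheld.
console.log(filterTimeline(timeline, null, {}).map((s) => s.id));
```

A check applied only in the frontend leaves the same statuses readable directly from the API, so the rule has to run where the response is built.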