Skip to content

[FIX] [#1732] Made AP C2S :followers and :following endpoints serve on no auth

Ivan Tashkinov requested to merge fix/1732-authless-following-followers into develop

Fixes #1732 (closed).

As for related :api pipeline endpoints, :followers and :following endpoints should be accessible on no auth.

Issue details:

ActivityPub.fetch_follow_information_for_user/1 calls:

  • Fetcher.fetch_and_contain_remote_object_from_id(user.following_address)
  • Fetcher.fetch_and_contain_remote_object_from_id(user.follower_address)

Those sign the fetch but only if Pleroma.Config.get([:activitypub, :sign_object_fetches]) is tru-ish. So, we shouldn't rely on signature presence here. The signature is ignored anyways if present since the above routes do not go through plug(:http_signature).

So, providing auth-less access to the above endpoints.

Edited by Ivan Tashkinov

Merge request reports