[#1732] Made AP C2S :followers and :following endpoints serve on no auth

[akkoma] / lib / pleroma / web / activity_pub / activity_pub_controller.ex

diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
index 325a714b4ed3b8a0be99b6066bdb5684121ff1db..f607931ab247bc2b6435cbbbba5a74d07bca6466 100644 (file)
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@ -13,9 +13,9 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Builder
-  alias Pleroma.Web.ActivityPub.Pipeline
   alias Pleroma.Web.ActivityPub.InternalFetchActor
   alias Pleroma.Web.ActivityPub.ObjectView
+  alias Pleroma.Web.ActivityPub.Pipeline
   alias Pleroma.Web.ActivityPub.Relay
   alias Pleroma.Web.ActivityPub.Transmogrifier
   alias Pleroma.Web.ActivityPub.UserView
@@ -37,9 +37,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
     [unless_func: &FederatingPlug.federating?/0] when action not in @federating_only_actions
   )
 
+  # Note: :following and :followers must be served even without authentication (as via :api)
   plug(
     EnsureAuthenticatedPlug
-    when action in [:read_inbox, :update_outbox, :whoami, :upload_media, :following, :followers]
+    when action in [:read_inbox, :update_outbox, :whoami, :upload_media]
   )
 
   plug(