X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fmasto_fe_controller.ex;h=08f92d55fb097f2fcf9a78424a360b1cd1cdfd15;hb=c3112fd13a6af239b9dff0813e93266ec58f571e;hp=9a2ec517aad01f6ffbb45ddfd3e4ccbdd1e26976;hpb=f685cbd30940b3fd92a2f6c8a161729bc2ceaab6;p=akkoma
diff --git a/lib/pleroma/web/masto_fe_controller.ex b/lib/pleroma/web/masto_fe_controller.ex
index 9a2ec517a..08f92d55f 100644
--- a/lib/pleroma/web/masto_fe_controller.ex
+++ b/lib/pleroma/web/masto_fe_controller.ex
@@ -5,12 +5,15 @@
 defmodule Pleroma.Web.MastoFEController do
 use Pleroma.Web, :controller
- alias Pleroma.Plugs.OAuthScopesPlug
 alias Pleroma.User
+ alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
+ alias Pleroma.Web.Plugs.OAuthScopesPlug
 plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
 # Note: :index action handles attempt of unauthenticated access to private instance with redirect
+ plug(:skip_plug, EnsurePublicOrAuthenticatedPlug when action == :index)
+
 plug(
 OAuthScopesPlug,
 %{scopes: ["read"], fallback: :proceed_unauthenticated}
@@ -19,7 +22,7 @@ defmodule Pleroma.Web.MastoFEController do
 plug(
 :skip_plug,
- Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action in [:index, :manifest]
+ [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :manifest
 )
 @doc "GET /web/*path"
@@ -46,7 +49,7 @@ defmodule Pleroma.Web.MastoFEController do
 |> render("manifest.json")
 end
- @doc "PUT /api/web/settings"
+ @doc "PUT /api/web/settings: Backend-obscure settings blob for MastoFE, don't parse/reuse elsewhere"
 def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do
 with {:ok, _} <- User.mastodon_settings_update(user, settings) do
 json(conn, %{})
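Review bot: With `EnsurePublicOrAuthenticatedPlug` skipped for `:index` and the `OAuthScopesPlug` call right below it using `fallback: :proceed_unauthenticated`, no plug visible in the first hunk rejects an anonymous request, so the redirect inside the `:index` action becomes the only access control on a private instance. The action body is outside the hunk, so whether the redirect happens before anything is rendered cannot be confirmed from here. The `# Note:` comment would be stronger if it stated the invariant, for example `# Note: no plug guards :index; the action itself must redirect unauthenticated users on private instances before rendering`. A controller test for the private-instance, logged-out case would keep that from regressing.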
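Review bot: In the second hunk the `:manifest` skip now bypasses `OAuthScopesPlug` as well as `EnsurePublicOrAuthenticatedPlug`, but unlike `:index` it has no comment explaining why serving it with no authentication at all is acceptable. Only the tail of the manifest action is visible here (`|> render("manifest.json")`), so it is an assumption that the template exposes public instance metadata only. If so, record it above the plug, for example `# Note: :manifest is intentionally unauthenticated; manifest.json must contain only public instance metadata`. That way a later change to the template is reviewed against that constraint.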