Add warning against parsing/reusing MastoFE settings blob

author Haelwenn (lanodan) Monnier <contact@hacktivis.me>

Mon, 22 Jun 2020 21:45:29 +0000 (23:45 +0200)

committer Haelwenn (lanodan) Monnier <contact@hacktivis.me>

Mon, 22 Jun 2020 21:45:29 +0000 (23:45 +0200)
author Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Mon, 22 Jun 2020 21:45:29 +0000 (23:45 +0200)
committer Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Mon, 22 Jun 2020 21:45:29 +0000 (23:45 +0200)
diff --git a/lib/pleroma/web/masto_fe_controller.ex b/lib/pleroma/web/masto_fe_controller.ex

index d0d8bc8eb9c5ef3bb28a18b2025937a8201ba43d..43ec700219f7b75852f001444ac4bb6a4bd052b3 100644 (file)
--- a/lib/pleroma/web/masto_fe_controller.ex
+++ b/lib/pleroma/web/masto_fe_controller.ex
@@ -49,7 +49,7 @@ defmodule Pleroma.Web.MastoFEController do
      |> render("manifest.json")
    end
  
-  @doc "PUT /api/web/settings"
+  @doc "PUT /api/web/settings: Backend-obscure settings blob for MastoFE, don't parse/reuse elsewhere"
    def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do
      with {:ok, _} <- User.mastodon_settings_update(user, settings) do
        json(conn, %{})
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex

index eda74a171820688f6cef689143382d8cb4b4cfad..419aa55e4589d76882e5d65832c1e2d958eaf4b8 100644 (file)
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -467,6 +467,7 @@ defmodule Pleroma.Web.Router do
    scope "/api/web", Pleroma.Web do
      pipe_through(:authenticated_api)
  
+    # Backend-obscure settings blob for MastoFE, don't parse/reuse elsewhere
      put("/settings", MastoFEController, :put_settings)
    end
author	Haelwenn (lanodan) Monnier <contact@hacktivis.me>
	Mon, 22 Jun 2020 21:45:29 +0000 (23:45 +0200)
committer	Haelwenn (lanodan) Monnier <contact@hacktivis.me>
	Mon, 22 Jun 2020 21:45:29 +0000 (23:45 +0200)
lib/pleroma/web/masto_fe_controller.ex		patch \| blob \| history
lib/pleroma/web/router.ex		patch \| blob \| history