## unreleased-patch - ???
+### Security
+- Fix metadata leak for accounts and statuses on private instances
+
### Added
- Rich media failure tracking (along with `:failure_backoff` option)
def build_tags(params) do
providers = [
Pleroma.Web.Metadata.Providers.RestrictIndexing,
- Pleroma.Web.Metadata.Providers.RelMe,
- | Pleroma.Config.get([__MODULE__, :providers], [])
+ Pleroma.Web.Metadata.Providers.RelMe
+ | activated_providers()
]
Enum.reduce(providers, "", fn parser, acc ->
def activity_nsfw?(_) do
false
end
+
+ defp activated_providers do
+ if Pleroma.Config.get!([:instance, :public]) do
+ Pleroma.Config.get([__MODULE__, :providers], [])
+ else
+ []
+ end
+ end
end
"<meta content=\"noindex, noarchive\" name=\"robots\">"
end
end
+
+ describe "no metadata for private instances" do
+ test "for local user" do
+ Pleroma.Config.put([:instance, :public], false)
+ user = insert(:user, bio: "This is my secret fedi account bio")
+
+ assert "" = Pleroma.Web.Metadata.build_tags(%{user: user})
+ end
+ end
end
projects / akkoma / commitdiff