search

hometown-fork / hometown

A supported fork of Mastodon that provides local posting and a wider range of content types.
GNU Affero General Public License v3.0
736 stars 56 forks source link

Fix Local Only Posting #1293

Open lawremipsum opened 1 year ago

lawremipsum commented 1 year ago

As I understand the new API, any anonymous user can read the local feed unless DISALLOW_UNAUTHENTICATED_API_ACCESS is turned on.

If this is an accurate understanding, it effectively makes all "local only" posts available to the public, fundamentally making the setting not just useless, but misleading.

I know that monitoring the API changes for improvements is on the roadmap, but this is effectively a privacy leak that undermines the community nature and a core feature of hometown, and hopefully can be prioritized.

Conversely, if this isn't how it works, it would be helpful to have that confirmed.

Thank you!

ironiridis commented 1 year ago

For context, this is prompted by https://github.com/mastodon/mastodon/pull/19803 .

ironiridis commented 1 year ago

This issue unfortunately strikes again: https://github.com/SnO2WMaN/deno2nix/issues/27#issuecomment-1431283646

hartsick commented 3 weeks ago

@ironiridis have you seen this in practice? I just tried posting a local-only test message on my instance (which does not have that environment variable set) and visited my instance's feed (https://void.holdings/public/local) and via api at https://void.holdings/api/v1/timelines/public/. I could only see the public posts, not the local-only messages, when unauthenticated. local-only posts were present as expected when authenticated. seems like it works as expected.

ironiridis commented 3 weeks ago

@hartsick If that's the case, we may well be able to close this issue. I'll note that https://github.com/hometown-fork/hometown/issues/1293#issuecomment-1431527844 seems to have been me confusing myself (now hidden) and I haven't had time to look at this again.

hartsick commented 2 weeks ago

@ironiridis oops, sorry to have tagged you! I missed that you weren't the original poster of this issue.

I'm going to tag @lawremipsum like I originally intended. (see https://github.com/hometown-fork/hometown/issues/1293#issuecomment-2218359997 for context)

ironiridis commented 2 weeks ago

@hartsick Yep, in fact she and I were working together as tech admins on the same instance, and I don't believe @lawremipsum is involved with the fediverse at the moment.