search

hometown-fork / hometown

A supported fork of Mastodon that provides local posting and a wider range of content types.
GNU Affero General Public License v3.0
734 stars 56 forks source link

Redirect unauthenticated users to canonical pages for remote profiles #1326

Open WesleyAC opened 11 months ago

WesleyAC commented 11 months ago

Pitch

I have a PR for upstream to redirect unauthenticated users to the canonical page for remote profiles (https://github.com/mastodon/mastodon/pull/25978), but they seem unlikely to look at the patch. I described the reasoning for this in https://github.com/glitch-soc/mastodon/issues/2225. It'll need a bit more work to get the benefits described there (changing the API as well as the UI), but I'm happy to do that if people want to apply the patch.

I would do this as a PR, but Github makes it impossible to have multiple forks of the same repo, or to make a PR from one fork to a different one, for reasons that are inscrutable to me :/

Motivation

See https://github.com/glitch-soc/mastodon/issues/2225

pronoiac commented 8 months ago

It might be worth noting that the requested functionality (or something adjacent) can be abused, leading to something like an open redirect; here's a blog post about it, which ... ugh, some of the examples work on my instance. Which I probably should file a separate issue about.