Open pmakholm opened 4 months ago
By the way, the favourited_by and reblogged_by API endpoints are not rescticted.
Without checking the precedence by Mastodon, these feels like they should be restricted at least at the same level as reading the status.
The following API endpoints seems to be public by default on Mastodon, but requires the read:statuses scope on Takahe:
It would be nice if it was possible to configure Takahe to allow public access to these.
I believe all information available with these API's is also available on the public time line (if enabled), so one solution would be to implicitly enable read:statuses for anonymous access in api/decorators.py if public time line is enabled.