diff options
| author | Haelwenn <contact+git.pleroma.social@hacktivis.me> | 2020-06-22 21:59:21 +0000 |
|---|---|---|
| committer | Haelwenn <contact+git.pleroma.social@hacktivis.me> | 2020-06-22 21:59:21 +0000 |
| commit | 98f014d3be22bc74e22ed93677d4381e782f2a5a (patch) | |
| tree | 0ace1f351d60224a2dc0c950f14a5eb1d0c054c1 | |
| parent | 46f7e51b27757598b1e508104edbb6f89356d043 (diff) | |
| parent | 8f6ba4b22f48dcd0256d6a9cf7259aa475895b84 (diff) | |
| download | pleroma-98f014d3be22bc74e22ed93677d4381e782f2a5a.tar.gz | |
Merge branch 'warning/mastofe-settings-blob' into 'develop'
Add warning against parsing/reusing MastoFE settings blob
See merge request pleroma/pleroma!2671
| -rw-r--r-- | lib/pleroma/web/masto_fe_controller.ex | 2 | ||||
| -rw-r--r-- | lib/pleroma/web/router.ex | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/lib/pleroma/web/masto_fe_controller.ex b/lib/pleroma/web/masto_fe_controller.ex index d0d8bc8eb..43ec70021 100644 --- a/lib/pleroma/web/masto_fe_controller.ex +++ b/lib/pleroma/web/masto_fe_controller.ex @@ -49,7 +49,7 @@ defmodule Pleroma.Web.MastoFEController do |> render("manifest.json") end - @doc "PUT /api/web/settings" + @doc "PUT /api/web/settings: Backend-obscure settings blob for MastoFE, don't parse/reuse elsewhere" def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do with {:ok, _} <- User.mastodon_settings_update(user, settings) do json(conn, %{}) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index eda74a171..419aa55e4 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -467,6 +467,7 @@ defmodule Pleroma.Web.Router do scope "/api/web", Pleroma.Web do pipe_through(:authenticated_api) + # Backend-obscure settings blob for MastoFE, don't parse/reuse elsewhere put("/settings", MastoFEController, :put_settings) end |