Merge remote-tracking branch 'remotes/origin/develop' into ostatus-controller-no-auth-check-on-non-federating-instances

# Conflicts: # lib/pleroma/web/feed/user_controller.ex # lib/pleroma/web/o_status/o_status_controller.ex # lib/pleroma/web/router.ex # lib/pleroma/web/static_fe/static_fe_controller.ex
author: Ivan Tashkinov <ivantashkinov@gmail.com> 2020-10-17 13:12:39 +0300
committer: Ivan Tashkinov <ivantashkinov@gmail.com> 2020-10-17 13:12:39 +0300
commit: 049ece1ef38f1aeb656a88ed1d15bf3d4a364e01 (patch)
tree: 16d4a05e533685e8b8385f886e58addb05a90d7d /docs/dev.md
parent: 2498e569f12694439b6f99d0730f6fb36301c454 (diff)
parent: 023f726d7f497705d766adee8874b94efb08a0aa (diff)
download: pleroma-049ece1ef38f1aeb656a88ed1d15bf3d4a364e01.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/dev.md b/docs/dev.md
index 9c749c17c..22e0691f1 100644
--- a/docs/dev.md
+++ b/docs/dev.md
@@ -6,7 +6,7 @@ This document contains notes and guidelines for Pleroma developers.
 
 * Pleroma supports hierarchical OAuth scopes, just like Mastodon but with added granularity of admin scopes. For a reference, see [Mastodon OAuth scopes](https://docs.joinmastodon.org/api/oauth-scopes/).
 
-* It is important to either define OAuth scope restrictions or explicitly mark OAuth scope check as skipped, for every controller action. To define scopes, call `plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: [...]})`. To explicitly set OAuth scopes check skipped, call `plug(:skip_plug, Pleroma.Plugs.OAuthScopesPlug <when ...>)`.
+* It is important to either define OAuth scope restrictions or explicitly mark OAuth scope check as skipped, for every controller action. To define scopes, call `plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: [...]})`. To explicitly set OAuth scopes check skipped, call `plug(:skip_plug, Pleroma.Web.Plugs.OAuthScopesPlug <when ...>)`.
 
 * In controllers, `use Pleroma.Web, :controller` will result in `action/2` (see `Pleroma.Web.controller/0` for definition) be called prior to actual controller action, and it'll perform security / privacy checks before passing control to actual controller action.
 
@@ -16,7 +16,7 @@ This document contains notes and guidelines for Pleroma developers.
 
 ## [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization)
 
-* With HTTP Basic Auth, OAuth scopes check is _not_ performed for any action (since password is provided during the auth, requester is able to obtain a token with full permissions anyways). `Pleroma.Plugs.AuthenticationPlug` and `Pleroma.Plugs.LegacyAuthenticationPlug` both call `Pleroma.Plugs.OAuthScopesPlug.skip_plug(conn)` when password is provided.
+* With HTTP Basic Auth, OAuth scopes check is _not_ performed for any action (since password is provided during the auth, requester is able to obtain a token with full permissions anyways). `Pleroma.Web.Plugs.AuthenticationPlug` and `Pleroma.Web.Plugs.LegacyAuthenticationPlug` both call `Pleroma.Web.Plugs.OAuthScopesPlug.skip_plug(conn)` when password is provided.
 
 ## Auth-related configuration, OAuth consumer mode etc.
author	Ivan Tashkinov <ivantashkinov@gmail.com>	2020-10-17 13:12:39 +0300
committer	Ivan Tashkinov <ivantashkinov@gmail.com>	2020-10-17 13:12:39 +0300
commit	049ece1ef38f1aeb656a88ed1d15bf3d4a364e01 (patch)
tree	16d4a05e533685e8b8385f886e58addb05a90d7d /docs/dev.md
parent	2498e569f12694439b6f99d0730f6fb36301c454 (diff)
parent	023f726d7f497705d766adee8874b94efb08a0aa (diff)
download	pleroma-049ece1ef38f1aeb656a88ed1d15bf3d4a364e01.tar.gz