fix: primitive 18: `ap/get` bypasses access checks

One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
This commit is contained in:
Julia Johannesen 2024-11-14 21:23:27 -05:00
parent c04f344049
commit cbf8cc376e
No known key found for this signature in database
GPG Key ID: 4A1377AF3E7FBC46
1 changed files with 1 additions and 0 deletions

View File

@ -11,6 +11,7 @@ import { ApResolverService } from '@/core/activitypub/ApResolverService.js';
export const meta = { export const meta = {
tags: ['federation'], tags: ['federation'],
requireAdmin: true,
requireCredential: true, requireCredential: true,
kind: 'read:federation', kind: 'read:federation',