summaryrefslogtreecommitdiff
path: root/test/web/auth
diff options
context:
space:
mode:
authorMike Verdone <spiral@arcseconds.net>2019-07-24 12:43:20 +0200
committerMike Verdone <spiral@arcseconds.net>2019-07-24 14:47:22 +0200
commit3cb471ec0688b81c8ef37dd27f2b82e6c858431f (patch)
treefa538e4012cfbff2ad99f68fe818b9df582fa01c /test/web/auth
parent36012ef6c1dfea2489e61063e14783fa3fb52700 (diff)
downloadpleroma-3cb471ec0688b81c8ef37dd27f2b82e6c858431f.tar.gz
pleroma-3cb471ec0688b81c8ef37dd27f2b82e6c858431f.zip
Expose expires_at datetime in mastoAPI only for the activity actor
In the "pleroma" section of the MastoAPI for status activities you can see an expires_at item that states when the activity will expire, or nothing if the activity will not expire. The expires_at date is only visible to the person who posted the activity. This is the conservative approach in case some attacker decides to write a logger for expiring posts. However, in the future of OCAP, signed requests, and all that stuff, this attack might not be that likely. Some other pleroma dev should remove the restriction in the code at that time, if they're satisfied with the security implications of doing so.
Diffstat (limited to 'test/web/auth')
0 files changed, 0 insertions, 0 deletions