Improve UI in case of DISALLOW_UNAUTHENTICATED_API_ACCESS being activated #21900

Open
rbairwell opened this issue Nov 30, 2022 · 2 comments
Labels
suggestion Feature suggestion

Comments

rbairwell commented Nov 30, 2022

Pitch

The config flag DISALLOW_UNAUTHENTICATED_API_ACCESS (in conjunction with AUTHORIZED_FETCH, which allows admins to enable so-called "secure mode" requiring REST/Streaming API access) blocks public page previews unless the content is fetched via ActivityPub (or the user is local).

At the moment, when visiting a user profile (via a web browser) on a server with these config flags enabled, you receive the 401 "This method requires an authenticated user" message - but as soon as you receive it, the web app makes another request for the same endpoint .../api/v1/accounts/1/statuses?exclude_replies=true and the message repeats and then the fetch repeats... - all without giving a clue as to why you are receiving the message.

The web app needs to recognise this status and show a more user-friendly option similar to the remote follow modal:

This page cannot be shown publicly
This instance has blocked public access.
To view this page, you will need a Mastodon account either on this server or use your existing account hosted by another Mastodon server or compatible platform if you don't have an account on this one.

On this server:
  Sign in
  Create account

On a different server:
  Copy and paste this URL into the search field of your favourite Mastodon app or the web interface of your Mastodon server
  https://example.com/@profile [Copy]

Motivation

This feature is needed to:

  • Stop many many many API requests to profile pages on these instances
  • Be clear to users as to why they cannot see the content to reduce confusion

rbairwell added the suggestion (Feature suggestion) label Nov 30, 2022
rbairwell changed the title from "Improved UI in case of DISALLOW_UNAUTHENTICATED_API_ACCESS being activated" to "Improve UI in case of DISALLOW_UNAUTHENTICATED_API_ACCESS being activated" Nov 30, 2022

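
The handling the issue asks for, as an added example that is not part of the issue and is not Mastodon's web client code: a 401/403 is treated as a terminal "sign-in required" state after a single request, while only transient failures are retried, with a bound. All function names, the retry limit and the stub server are hypothetical; only the endpoint path and the error message come from the issue.

```javascript
// Added example with hypothetical names; not Mastodon's web client code.
const MAX_ATTEMPTS = 3;

// Decide what the UI should do with an API response.
// `attempt` is the zero-based index of the request that just completed.
function classifyResponse(status, attempt) {
  if (status >= 200 && status < 300) return { state: 'loaded', retry: false };
  // 401/403 is a server policy decision (e.g. DISALLOW_UNAUTHENTICATED_API_ACCESS):
  // repeating the same anonymous request cannot succeed, so stop here.
  if (status === 401 || status === 403) return { state: 'auth_required', retry: false };
  // 429 and 5xx can be transient: retry with exponential backoff, bounded.
  const transient = status === 429 || status >= 500;
  if (transient && attempt + 1 < MAX_ATTEMPTS) {
    return { state: 'loading', retry: true, delayMs: 1000 * 2 ** attempt };
  }
  return { state: 'error', retry: false };
}

// Load a profile timeline. `request(url)` resolves to { status, body } and
// `sleep(ms)` resolves after a delay; both are injected so this runs offline.
async function loadStatuses(request, url, sleep) {
  for (let attempt = 0; ; attempt++) {
    const res = await request(url);
    const next = classifyResponse(res.status, attempt);
    if (next.retry) { await sleep(next.delayMs); continue; }
    if (next.state === 'loaded') return { state: 'loaded', statuses: res.body };
    // For auth_required the UI can render a sign-in / "open on your own
    // server" prompt with the profile URL instead of the raw error text.
    return { state: next.state, message: res.body && res.body.error };
  }
}

// Constructed stand-in for a server with the flag enabled; records each call.
function makeLockedServer() {
  const calls = [];
  const request = async (url) => {
    calls.push(url);
    return { status: 401, body: { error: 'This method requires an authenticated user' } };
  };
  return { request, calls };
}
```
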
@rbairwell (Author)

Similar to #21082, but that is specifically asking for the about and data protection/privacy pages to be excluded from the block, whereas this request is for an improved user experience on the page itself.

This problem can actually be caused to happen by #21869 "Links to posts from remote servers not loaded in the local web-app" if somebody includes a link to an instance which has DISALLOW_UNAUTHENTICATED_API_ACCESS enabled.

@ThisIsMissEm (Contributor)

Just a heads up: Streaming now always requires authentication.
