You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The config flag DISALLOW_UNAUTHENTICATED_API_ACCESS (in conjunction with AUTHORIZED_FETCH which allows admins to enable so called "secure mode" requiring REST/Streaming API access) blocks public page previews unless the content is fetched via ActivtyPub (or the user is local).
At the moment, when visiting a user profile (via a web browser) on a server with these config flags enabled, you receive the 401 This method requires an authenticated user message - but as soon as you receive it, the web app makes another request for the same endpoint .../api/v1/accounts/1/statuses?exclude_replies=true and the message repeats and then the fetch repeats... - all without giving a clue as to why you are receiving the message.
The web app needs to recognise this status an show a more user friendly option similar to the remote follow modal:
To view this page, you will need a Mastodon account either on this server or use your existing account hosted by another Mastodon server or compatible platform if you don't have an account on this one.
On this server
On a different server
Sign in
Copy and paste this URL into the search field of your favourite Mastodon app or the web interface of your Mastodon server
rbairwell
changed the title
Improved UI in case of DISALLOW_UNAUTHENTICATED_API_ACCESS being activated
Improve UI in case of DISALLOW_UNAUTHENTICATED_API_ACCESS being activated
Nov 30, 2022
Similar to #21082 , but that is specifically asking for the about and data protection/privacy pages to be excluded from the block: whereas this request is for an improved user experience on the page itself.
This problem can actually be caused to happen by #21869 "Links to posts from remote servers not loaded in the local web-app" if somebody includes a link to an instance which has DISALLOW_UNAUTHENTICATED_API_ACCESS enabled.
Pitch
The config flag DISALLOW_UNAUTHENTICATED_API_ACCESS (in conjunction with AUTHORIZED_FETCH which allows admins to enable so called "secure mode" requiring REST/Streaming API access) blocks public page previews unless the content is fetched via ActivtyPub (or the user is local).
At the moment, when visiting a user profile (via a web browser) on a server with these config flags enabled, you receive the
401 This method requires an authenticated user
message - but as soon as you receive it, the web app makes another request for the same endpoint .../api/v1/accounts/1/statuses?exclude_replies=true and the message repeats and then the fetch repeats... - all without giving a clue as to why you are receiving the message.The web app needs to recognise this status an show a more user friendly option similar to the remote follow modal:
Motivation
This feature is needed to:
The text was updated successfully, but these errors were encountered: