Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User domain blocks do not prevent viewing updated profile information #28397

Open
brookmiles opened this issue Dec 16, 2023 · 0 comments
Open

User domain blocks do not prevent viewing updated profile information #28397

brookmiles opened this issue Dec 16, 2023 · 0 comments
Labels
area/web interface Related to the Mastodon web interface bug Something isn't working status/to triage This issue needs to be triaged

Comments

@brookmiles
Copy link

brookmiles commented Dec 16, 2023
edited

Steps to reproduce the problem

  1. Enable Authorized Fetch on good.example
  2. From a user on good.example, block the domain test.example
  3. Make some easily visible change to user's profile on good.example
  4. From test.example, paste the full URL of the user on good.example to fetch their updated profile

Expected behaviour

Updated profile information cannot be viewed

Actual behaviour

Updated profile information can be viewed

Detailed description

When authorized fetch is enabled, server level suspensions correctly prevent suspended servers from retrieving updated profile information as expected. However user level blocks of domains do not prevent the blocked server from retrieving updated profile information of the user placing the block.

User level blocks do appear to correctly prevent retrieving new posts.

Mastodon instance

various

Mastodon version

v4.2.3

Browser name and version

Firefox 120.0.1

Operating system

Microsoft Windows [Version 10.0.19045.3693]

Technical details

No response
@brookmiles brookmiles added area/web interface Related to the Mastodon web interface bug Something isn't working status/to triage This issue needs to be triaged labels Dec 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/web interface Related to the Mastodon web interface bug Something isn't working status/to triage This issue needs to be triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@brookmiles