/mastodon

Followers-only toots that your instance knows about already should be searchable using the URL by people who follow the author #5818

Open
Cassolotl opened this Issue Nov 25, 2017 · 2 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
4 participants
@Cassolotl @nightpool @puckipedia @unarist
@Cassolotl

Cassolotl commented Nov 25, 2017
edited
Edited 1 time
  • @Cassolotl Cassolotl edited Nov 25, 2017 (most recent)

Scenario:

  1. Sandy has been following Paul for like... 3 weeks.
  2. Yesterday Paul tooted something on the followers-only privacy setting, and Sandy saved the URL for later boosting or whatever.
  3. Sandy pastes the URL into their Mastodon web UI so that they can boost the toot.

Expected behaviour: Sandy's instance "knows" Paul's followers-only toot and knows that Sandy follows Paul. Sandy's search should bring up the toot.

Current behaviour: Sandy's search yields 0 results, because the toot they are searching for is set to followers-only.

This might be a duplicate but I honestly don't know what to search for. :S It is inspired by this thread.

  • I searched or browsed the repo’s other issues to ensure this is not a duplicate.
  • This bug happens on a tagged release and not on master (If you're a user, don't worry about this).
@nightpool

This comment has been minimized.

Show comment
Hide comment
@nightpool

nightpool Nov 25, 2017

Collaborator

it is maybe possible to do this in the case where the status has already been populated, if the searched for URI is the same as the url or uri that was sent with the post (i.e. there's no redirection happening), but it would be complicated and maybe fraught (should you should statuses by silenced users? what about users that block you? these are all things to take into consideration....)

it is probably not currently feasible for us to fetch remote statuses that are private, even though I could imagine a HTTP Signatures way of doing it.
Collaborator

nightpool commented Nov 25, 2017
edited
Edited 2 times
  • @nightpool nightpool edited Nov 25, 2017 (most recent)
  • @nightpool nightpool edited Nov 25, 2017

it is maybe possible to do this in the case where the status has already been populated, if the searched for URI is the same as the url or uri that was sent with the post (i.e. there's no redirection happening), but it would be complicated and maybe fraught (should you should statuses by silenced users? what about users that block you? these are all things to take into consideration....)

it is probably not currently feasible for us to fetch remote statuses that are private, even though I could imagine a HTTP Signatures way of doing it.
@puckipedia

This comment has been minimized.

Show comment
Hide comment
@puckipedia

puckipedia Nov 25, 2017

Collaborator

not parsing HTTP signatures on GETs for statuses is a thing that I've been missing due to my Kroeg instance not being as well populated and trying to retrieve entire post chains, but failing because there's posts that might be follower-only, but before I was a follower
Collaborator

puckipedia commented Nov 25, 2017

not parsing HTTP signatures on GETs for statuses is a thing that I've been missing due to my Kroeg instance not being as well populated and trying to retrieve entire post chains, but failing because there's posts that might be follower-only, but before I was a follower

@unarist unarist added the activitypub label Nov 28, 2017

@puckipedia puckipedia referenced this issue Jan 8, 2018

Merged

Allow retrieval of private statuses (single or in outbox) using HTTP signatures #6225

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment