Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
Posts still federate after setting blog to "Private" or "Password-protected" #403
I am running an instance with federation enabled for posts. If someone has a blog that is Unlisted, and someone subscribes to that blog via ActivityPub, and then they set the blog to Private, posts that are made from then on will still be federated to other people.
This is also true for "Password-Protected". The full text of the article federates out to any subscribers.
I would expect that federation would halt while Private, similar to how the RSS feed returns a 404 after you switch to Private.
Version or last commit: latest
Thanks for catching this! Definitely a bug we need to fix.
There's a short-term and a long-term fix here. In the short-term, we can simply prevent federation in the
The long-term / permanent fix would be: switching a blog to Private or Password-protected should probably delete the Actor and all Articles from the fediverse. This is something we need for account deletion too (open PRs: #203 and #204), so it'd be great to address those core tasks (T720 and T721) -- and we'd really appreciate help here from anyone in the community!
For now, if anyone would like to address the short-term fix here, please feel free to claim this issue and submit a PR. Otherwise I'll work on a fix sometime before the v0.13 release.