Make sure private toots remain private and do not end up in HTTP caches (#6175)

2018-01-04 14:39:38 +01:00 · 2018-01-04 14:39:38 +01:00 · 3bee0996c5
commit 3bee0996c5
parent 89daeb43a8
2 changed files with 4 additions and 3 deletions
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@ -24,7 +24,7 @@ class StatusesController < ApplicationController
      format.json do
        skip_session! unless @stream_entry.hidden?

-        render_cached_json(['activitypub', 'note', @status.cache_key], content_type: 'application/activity+json') do
+        render_cached_json(['activitypub', 'note', @status.cache_key], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do
          ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter)
        end
      end
@ -34,7 +34,7 @@ class StatusesController < ApplicationController
  def activity
    skip_session!

-    render_cached_json(['activitypub', 'activity', @status.cache_key], content_type: 'application/activity+json') do
+    render_cached_json(['activitypub', 'activity', @status.cache_key], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do
      ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter)
    end
  end