Emelia Smith
Emelia Smith
This might be solved by https://github.com/mastodon/mastodon/pull/24968 β currently remote reports all show up as "other" and the reason selected on the reporting origin isn't forwarded through. So a user may...
Mastodon is now publishing images to GHCR, so the additional auth configuration here wouldn't be necessary. The changes here could be limited to just having the `env` variable declaration and...
> There is no downside to including `.tool-versions`. It should either be included or gitignored. I would say the downside is repetition of these values, which could all get out...
This is now fixed in the documentation.
Whilst the `/api/v1/apps` endpoint is not specifically rate-limited, it is rate limited using the `throttle_unauthenticated_api` rule, which is currently 300 requests in a 5 minute period per IP Address. It...
Is anyone able to reproduce this on 4.2.0?
@vmstan I think we can close this issue
I don't think this would actually help with protecting the security of an out-of-date instance, because why would an attacker care what version you're running? They're just going to try...
@ClearlyClaire The creation side is solved by using `enforce_configured_scopes` on Doorkeeper's configuration, which we now do, this was done in https://github.com/mastodon/mastodon/pull/16042 We probably want a migration to repair or delete...
For user-level domain blocks, the API requires any of the following OAuth scopes: `follow`, `read`, `read:blocks`. For server-level domain blocks, the admin API requires any of the following OAuth scopes:...