webfan
@webfan@inne.city
- Comment on Noch eine Frage zu # Friendica : Werden denn angepinnte Posts aus Frien 1 day ago:
- Submitted 1 day ago to helpers@forum.friendi.ca | 0 comments
- Comment on Noch eine Frage zu # Friendica : Werden denn angepinnte Posts aus Frien 2 days ago: @wolf Ich glaube es gibt derzeit einen Bug?
Nur der User selber sieht seine gepinnten Beiträge oben angepinnt!??
Wenn ich als Gast mein Profil besuche sehe ich den letzten Beitrag (NICHT den gepinnten) zuerst, dann einen angepinnten und dann die timeline? - Submitted 2 days ago to helpers@forum.friendi.ca | 0 comments
- Comment on Vorschlag/Anregung an die Entwickler: Kann der Link zu /moderation/users/pending 2 weeks ago: @oldkid Ah, da ist noch ein Reiter oben. Den hatte ich nicht gesehen.
Danke Dir! 😀 - Submitted 2 weeks ago to helpers@forum.friendi.ca | 0 comments
- Submitted 2 weeks ago to helpers@forum.friendi.ca | 2 comments
- Comment on So I kind of set up another level of security well not really more of a gate to 3 weeks ago: @pasjrwoctx You are right, sorry I did not read the complete code, I was in $is_fediverse =... line.
if ($request === '/' makes it clear, sorry!
$is_fediverse and is_static is not necessary then? - Submitted 3 weeks ago to helpers@forum.friendi.ca | 0 comments
- Comment on So I kind of set up another level of security well not really more of a gate to 3 weeks ago:
cookie could be faked but so can headers, and the way I have it now the cookie is only good for the session, bots and scrapers start a new session every time
The sessionID is in the cookie yes, but the info can be in the session. If a bad bot starts a new session, well it will not have the "OK" in the session.
Accept headers can be faked but that would make less sense as it breaks content negotiation, and you can use it as ONE aspect of other bot indicators., but my understanding of how friendica and activitypub are setup the inbox should not be callable by bots and scrapers
For server to server protocol an instance will act like a "legitim bot", it will not pass a captcha or session check, validation of the request is done via signatures. - Submitted 3 weeks ago to helpers@forum.friendi.ca | 0 comments
- Comment on So I kind of set up another level of security well not really more of a gate to 3 weeks ago:
@pasjrwoctx Sorry, I mean the /inbox route from the check
$is_fediverse =
str_contains($request, '/.well-known/') ||
str_contains($request, '/activitypub/') ||
str_contains($request, '/api/') ||
str_contains($request, '/assets/') ||
str_contains($request, '/inbox');You could also check for Request-Type headers.
A cookie can be faked, you should consider to store the OK in the session instead?
- Submitted 3 weeks ago to helpers@forum.friendi.ca | 0 comments
- Comment on So I kind of set up another level of security well not really more of a gate to 3 weeks ago: @pasjrwoctx I did not test it yet, but I believe you should exclude the /inbox route e.g. too?
- Submitted 3 weeks ago to helpers@forum.friendi.ca | 0 comments
- Comment on Folgende Gefolgte 4 weeks ago:
@catmanfriedhelm Ich fand das auch erst etwas verwirrend.
Folgende sind die die mir folgen und Gefolgte denen folge ich richtig?
Ich glaube ja. - Submitted 4 weeks ago to helpers@forum.friendi.ca | 0 comments