This repository has been archived by the owner on Feb 4, 2022. It is now read-only.

World circle posts should not be accessible when profile is set to private #735

Open
lifenautjoe opened this issue Sep 26, 2020 · 1 comment
Labels: bug (Something isn't working), priority:high (High priority issue)


@lifenautjoe
Member

The timeline is blocked already by this setting but a post can still be accessed directly with its UUID, we must add a check there to make sure it isn't if the profile is set to private and the person is not a follower.

lifenautjoe added the bug and priority:high labels on Sep 26, 2020
@evict
Member

evict commented Aug 18, 2021

Actually a UUID is perfectly fine for this type of thing. UUIDs are not guessable, the risk is negligible really. Just make sure that when using the web app you add the noindex header and/or tags: https://developers.google.com/search/docs/advanced/crawling/block-indexing. This will prevent indexing when someone accidentally shares the link on a public site.
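
The check requested in the issue, combined with the noindex header suggested in the reply, as an added example (not code from this repository). The `User`/`Post` model, the `"world"` circle name and all function names are assumptions; answering 404 for a denied post is a choice made for this example.

```python
from dataclasses import dataclass, field
from uuid import uuid4

WORLD = "world"  # assumed name for the public "world circle"

@dataclass
class User:
    username: str
    private: bool = False                        # profile visibility setting
    followers: set = field(default_factory=set)  # usernames following this user

@dataclass
class Post:
    author: User
    circle: str
    text: str
    uuid: str = field(default_factory=lambda: str(uuid4()))

def can_view(viewer, post):
    """One policy shared by every read path (timeline and direct lookup)."""
    author = post.author
    if viewer is not None and viewer.username == author.username:
        return True                              # authors always see their own posts
    if post.circle != WORLD:
        return False                             # other circles: deny by default here
    if author.private:                           # private profile: followers only
        return viewer is not None and viewer.username in author.followers
    return True

def timeline(viewer, posts):
    return [p for p in posts if can_view(viewer, p)]

def get_post(viewer, posts_by_uuid, uuid):
    """Direct fetch by UUID. Returns (status, headers, body)."""
    headers = {"X-Robots-Tag": "noindex"}        # keep shared links out of search indexes
    post = posts_by_uuid.get(uuid)
    # Same answer for "missing" and "not allowed", so the UUID's existence is not confirmed.
    if post is None or not can_view(viewer, post):
        return 404, headers, None
    return 200, headers, post.text

# Constructed sample data: alice is private, bob follows her, carol does not.
alice = User("alice", private=True, followers={"bob"})
bob, carol = User("bob"), User("carol")
post = Post(alice, WORLD, "hello from the world circle")
POSTS = {post.uuid: post}
```

Routing the direct lookup through the same `can_view` policy as the timeline is what keeps the two read paths from drifting apart.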
