diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2020-01-24 00:20:51 +0100 |
|---|---|---|
| committer | multiple creatures <dev@multiple-creature.party> | 2020-02-20 22:58:18 -0600 |
| commit | 294ac7e998af557db7f65f1e796a654b6428ec51 (patch) | |
| tree | f27de14c550c7f3d8e1beca9baa206a8ead58840 /app/controllers/statuses_controller.rb | |
| parent | f9837791a4b05dcb965a085a998c2f0b4aaa6e50 (diff) | |
port tootsuite/#12930 to monsterfork: Fix OEmbed leaking information about existence of non-public statuses
Diffstat (limited to 'app/controllers/statuses_controller.rb')
| -rw-r--r-- | app/controllers/statuses_controller.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 00db6c169..87fdf222e 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -47,7 +47,7 @@ class StatusesController < ApplicationController end def embed - raise ActiveRecord::RecordNotFound unless @status.distributable? + return not_found unless @status.distributable? expires_in 180, public: true response.headers['X-Frame-Options'] = 'ALLOWALL' @@ -75,7 +75,7 @@ class StatusesController < ApplicationController authorize @status, :show? end rescue Mastodon::NotPermittedError - raise ActiveRecord::RecordNotFound + not_found end def handle_sharekey_change |