diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2020-01-24 00:20:51 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-01-24 00:20:51 +0100 |
| commit | c4c315ea40356b9b598a10b49ea9455deace4553 (patch) | |
| tree | 8dc59579fff3e8b52e80b16b2b842813d278d090 /app/controllers/statuses_controller.rb | |
| parent | daf71573d0e5f1376264c7d32cf55fae284ba9e5 (diff) | |
Fix OEmbed leaking information about existence of non-public statuses (#12930)
Diffstat (limited to 'app/controllers/statuses_controller.rb')
| -rw-r--r-- | app/controllers/statuses_controller.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 57bbeca64..4fa128303 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -46,7 +46,7 @@ class StatusesController < ApplicationController end def embed - raise ActiveRecord::RecordNotFound if @status.hidden? + return not_found if @status.hidden? expires_in 180, public: true response.headers['X-Frame-Options'] = 'ALLOWALL' @@ -68,7 +68,7 @@ class StatusesController < ApplicationController @status = @account.statuses.find(params[:id]) authorize @status, :show? rescue Mastodon::NotPermittedError - raise ActiveRecord::RecordNotFound + not_found end def set_instance_presenter |