Fix potential private status leak (#10969)

author: ThibG <thib@sitedethib.com> 2019-06-05 13:40:20 +0200
committer: multiple creatures <dev@multiple-creature.party> 2019-11-19 16:35:05 -0600
commit: 86d8fba8556804010745fe93ff57bc6e2657dafa (patch)
tree: 5e4a5cc3700c48da469ba1fdcb849b8f24903c8f /app/controllers
parent: 43007ae25fff182547df944dbf9dfa3aad5837f9 (diff)
1 files changed, 1 insertions, 4 deletions
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index d2b32bb81..e56f1a9d5 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -30,9 +30,7 @@ class StatusesController < ApplicationController
   def show
     respond_to do |format|
       format.html do
-        use_pack 'public'
-
-        unless user_signed_in?
+        if current_account.nil?
           skip_session!
           expires_in 10.seconds, public: true
         end
@@ -64,7 +62,6 @@ class StatusesController < ApplicationController
   end
 
   def embed
-    use_pack 'embed'
     raise ActiveRecord::RecordNotFound if @status.hidden?
 
     skip_session!
author	ThibG <thib@sitedethib.com>	2019-06-05 13:40:20 +0200
committer	multiple creatures <dev@multiple-creature.party>	2019-11-19 16:35:05 -0600
commit	86d8fba8556804010745fe93ff57bc6e2657dafa (patch)
tree	5e4a5cc3700c48da469ba1fdcb849b8f24903c8f /app/controllers
parent	43007ae25fff182547df944dbf9dfa3aad5837f9 (diff)