From fbbf4ab62cf0cf3ec54cedb4848c4bcdecdf677b Mon Sep 17 00:00:00 2001 From: Fire Demon Date: Sun, 28 Jun 2020 18:08:33 -0500 Subject: [Privacy] Do not disclose private allow list domains to nodeinfo and instance endpoints --- app/serializers/nodeinfo/serializer.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/serializers/nodeinfo') diff --git a/app/serializers/nodeinfo/serializer.rb b/app/serializers/nodeinfo/serializer.rb index 071e1abd2..2bd2c772f 100644 --- a/app/serializers/nodeinfo/serializer.rb +++ b/app/serializers/nodeinfo/serializer.rb @@ -39,7 +39,7 @@ class NodeInfo::Serializer < ActiveModel::Serializer def metadata { - domain_allows: display_allows? ? DomainAllow.all.map { |a| a.slice(:domain) } : [], + domain_allows: display_allows? ? DomainAllow.where(hidden: false).map { |a| a.slice(:domain) } : [], domain_blocks: display_blocks? ? DomainBlock.all.map { |b| b.slice(:domain, :severity, :reject_media, :reject_reports, :public_comment) } : [], } end -- cgit