WIP: pkgs/forgejo: empty /explore/users (UNTESTED) #84
No reviewers
Labels
No labels
No milestone
No project
No assignees
2 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: the-distro/infra#84
Loading…
Reference in a new issue
No description provided.
Delete branch "forgejo-hide-users"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
this is 3am wandering around . i didn't test because it's too much of a pain to wire it up rn.
looks harmless, you can just deploy and rollback if it doesn't work ><
Hmm so as I mentioned on Matrix yesterday some time after this PR, the proper way to do this would be setting
"service.explore".DISABLE_USERS_PAGE = true;
1.But even with that, the API is still wide open. So it really depends on what the motivation behind this is.
If we want to hide all users completely, this is the wrong approach. If we want to hide the most obvious user listing, this works.
Also, something I just found out: Forgejo embeds "participants", "assignees" and "mentionable teams" of a given repository into the HTML as Javascript array of some repository views.
This is intended for stuff like the
@username
autocomplete when writing a comment under an issue or selecting an assignee/reviewer.But of course Forgejo injects this unconditionally whether you are logged in (and have permissions to actually do those things) or not.
This is really great (/s) for repositories with, say, hundreds of participants, because it puts almost always unnecessary load on the database looking up hundreds of users and their username, display name and avatar url.
https://forgejo.org/docs/latest/admin/config-cheat-sheet/#service---explore-serviceexplore ↩︎
pkgs/forgejo: empty /explore/users (UNTESTED)to WIP: pkgs/forgejo: empty /explore/users (UNTESTED)a bit of privacy is better than none, i think. naturally with all of this we're just raising the effort necessary, and that's natural.
feel free to submit a new pr (or take over this one!) with
"service.explore".DISABLE_USERS_PAGE = true;
(^:Resolved in commit
96d58bbd41
.See https://git.forkos.org/explore/users :)
wonderful <3
Pull request closed