Merge branch '2046-default-restrict-unauthenticated-basing-on-instance-privacy' into 'develop'
[#2046] Defaulted pleroma/restrict_unauthenticated basing on instance privacy Closes #2046 See merge request pleroma/pleroma!2890
This commit is contained in:
lain
commit
e154fcf525
10 changed files with 53 additions and 39 deletions
|
|
@ -17,6 +17,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- Configuration: `:media_proxy, whitelist` format changed to host with scheme (e.g. `http://example.com` instead of `example.com`). Domain format is deprecated.
|
||||
- **Breaking:** Configuration: `:instance, welcome_user_nickname` moved to `:welcome, :direct_message, :sender_nickname`, `:instance, :welcome_message` moved to `:welcome, :direct_message, :message`. Old config namespace is deprecated.
|
||||
- **Breaking:** LDAP: Fallback to local database authentication has been removed for security reasons and lack of a mechanism to ensure the passwords are synchronized when LDAP passwords are updated.
|
||||
- **Breaking** Changed defaults for `:restrict_unauthenticated` so that when `:instance, :public` is set to `false` then all `:restrict_unauthenticated` items be effectively set to `true`. If you'd like to allow unauthenticated access to specific API endpoints on a private instance, please explicitly set `:restrict_unauthenticated` to non-default value in `config/prod.secret.exs`.
|
||||
|
||||
<details>
|
||||
<summary>API Changes</summary>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue