Make rate limiting for Mastodon Registration API less agressive and enable it by default.
As discussed on irc. Unlike Mastodon our web interface for registrations is using the same APIs regular apps would be using, so 5 requests per 30 minutes per IP could hurt valid use-cases when Pleroma-FE switches to it. Also enable the endpoint by default, it makes no sense to have it disabled when 1. TwitterAPI endpoint is there and always enabled 2. Unlike Mastodon, there is no way to get an account without using the APIs (makes me wonder why the setting is even there) Also in this commit: minor changelog improvements.
This commit is contained in:
parent
8e721706c2
commit
38f3393e93
12
CHANGELOG.md
12
CHANGELOG.md
|
@ -22,16 +22,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- Admin API: Endpoints for listing/revoking invite tokens
|
||||
- Admin API: Endpoints for making users follow/unfollow each other
|
||||
- Admin API: added filters (role, tags, email, name) for users endpoint
|
||||
- AdminFE: initial release with basic user management accessible at /pleroma/admin/
|
||||
- Mastodon API: [Scheduled statuses](https://docs.joinmastodon.org/api/rest/scheduled-statuses/)
|
||||
- Mastodon API: `/api/v1/notifications/destroy_multiple` (glitch-soc extension)
|
||||
- Mastodon API: `/api/v1/pleroma/accounts/:id/favourites` (API extension)
|
||||
- Mastodon API: [Reports](https://docs.joinmastodon.org/api/rest/reports/)
|
||||
- Mastodon API: REST API for creating an account
|
||||
- Mastodon API: `POST /api/v1/accounts` (account creation API)
|
||||
- ActivityPub C2S: OAuth endpoints
|
||||
- Metadata RelMe provider
|
||||
- Metadata: RelMe provider
|
||||
- OAuth: added support for refresh tokens
|
||||
- Emoji packs and emoji pack manager
|
||||
- AdminFE: initial release with basic user management accessible at /pleroma/admin/
|
||||
|
||||
### Changed
|
||||
- **Breaking:** Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer
|
||||
|
@ -44,8 +44,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- Federation: Removed `inReplyToStatusId` from objects
|
||||
- Configuration: Dedupe enabled by default
|
||||
- Configuration: Added `extra_cookie_attrs` for setting non-standard cookie attributes. Defaults to ["SameSite=Lax"] so that remote follows work.
|
||||
- Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change
|
||||
- Timelines: Messages involving people you have blocked will be excluded from the timeline in all cases instead of just repeats.
|
||||
- Admin API: Move the user related API to `api/pleroma/admin/users`
|
||||
- Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change
|
||||
- Mastodon API: Support for `exclude_types`, `limit` and `min_id` in `/api/v1/notifications`
|
||||
- Mastodon API: Add `languages` and `registrations` to `/api/v1/instance`
|
||||
- Mastodon API: Provide plaintext versions of cw/content in the Status entity
|
||||
|
@ -63,7 +64,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- Deps: Updated Cowboy to 2.6
|
||||
- Deps: Updated Ecto to 3.0.7
|
||||
- Don't ship finmoji by default, they can be installed as an emoji pack
|
||||
- Admin API: Move the user related API to `api/pleroma/admin/users`
|
||||
- Hide deactivated users and their statuses
|
||||
|
||||
### Fixed
|
||||
|
@ -71,7 +71,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- Followers counter not being updated when a follower is blocked
|
||||
- Deactivated users being able to request an access token
|
||||
- Limit on request body in rich media/relme parsers being ignored resulting in a possible memory leak
|
||||
- proper Twitter Card generation instead of a dummy
|
||||
- Proper Twitter Card generation instead of a dummy
|
||||
- Deletions failing for users with a large number of posts
|
||||
- NodeInfo: Include admins in `staffAccounts`
|
||||
- ActivityPub: Crashing when requesting empty local user's outbox
|
||||
|
|
|
@ -239,7 +239,7 @@
|
|||
safe_dm_mentions: false,
|
||||
healthcheck: false
|
||||
|
||||
config :pleroma, :app_account_creation, enabled: false, max_requests: 5, interval: 1800
|
||||
config :pleroma, :app_account_creation, enabled: true, max_requests: 25, interval: 1800
|
||||
|
||||
config :pleroma, :markup,
|
||||
# XXX - unfortunately, inline images must be enabled by default right now, because
|
||||
|
|
Loading…
Reference in New Issue