From ae8c6b892f512b4840c725446890b708fd22a12e Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 20 Dec 2018 01:30:43 +0100 Subject: [PATCH] Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (#9573) Fix #7087 The same data is available over the ActivityPub outbox, RSS, and Atom, so there is little benefit to keeping it limited in this method. --- app/controllers/api/v1/accounts/statuses_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb index b68a8805fa..d3f1197f83 100644 --- a/app/controllers/api/v1/accounts/statuses_controller.rb +++ b/app/controllers/api/v1/accounts/statuses_controller.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class Api::V1::Accounts::StatusesController < Api::BaseController - before_action -> { doorkeeper_authorize! :read, :'read:statuses' } + before_action -> { authorize_if_got_token! :read, :'read:statuses' } before_action :set_account after_action :insert_pagination_headers