Conversation

Notices

1. Embed this notice
   SolSoCoG (solsocog@ieji.de)'s status on Saturday, 08-Jun-2024 15:53:53 JST SolSoCoG

   Well. Setting the X-Forwarded-For header to 127.0.0.1 practice to cloak users ips was patched out with the last update https://github.com/mastodon/mastodon/security/advisories/GHSA-c2r5-cfqr-c553 gotta find a new solution. Possibly random private ips but this will end up sending login from new IP messages every new login. #mastoadmin #anonymity

   • Embed this notice
     SolSoCoG (solsocog@ieji.de)'s status on Saturday, 08-Jun-2024 16:44:42 JST SolSoCoG

     in reply to

     • ꧁Selery𝕮𝖊𝖆꧂:blobcatdj:

     @alcea damn thats an extensive list. uhm. well maybe. But not if every user on an instance shares that rate limit as we hit into it when moderating or trying to view source images.

   • Embed this notice
     ꧁Selery𝕮𝖊𝖆꧂:blobcatdj: (alcea@pb.todon.de)'s status on Saturday, 08-Jun-2024 16:44:43 JST ꧁Selery𝕮𝖊𝖆꧂:blobcatdj:

     in reply to

     @SolSoCoG

     Tbh tho.
     I never hit a brickroad when I still wrote trash for mtd
     ( https://codepen.io/ryedai1/pens/tags/?selected_tag=mastodon )

     I think their ratelimit was fair sofar...

     Thenagain.
     Gargamel.

     I'm not gagas best friend...

   • Embed this notice
     SolSoCoG (solsocog@ieji.de)'s status on Saturday, 08-Jun-2024 18:49:27 JST SolSoCoG

     in reply to

     • ꧁Selery𝕮𝖊𝖆꧂:blobcatdj:

     @alcea yeah, what sucks is that this is 127.0.0.1 workaround was only a risk if you are dumb enough to have puma facing a public IP. I really don't
     want to start forking and stuff :crychkat3r:

   • Embed this notice
     ꧁Selery𝕮𝖊𝖆꧂:blobcatdj: (alcea@pb.todon.de)'s status on Saturday, 08-Jun-2024 18:49:29 JST ꧁Selery𝕮𝖊𝖆꧂:blobcatdj:

     in reply to

     @SolSoCoG

     I had a phase lol.

     But in your case it might be an issue