diff options
author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-08-25 21:17:33 -0400 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-08-25 21:17:33 -0400 |
commit | c16160b3d4f3a5933bfa6b333c9af768b4560ed4 (patch) | |
tree | 3ca27f4a7553e954978e81d3acbfa149e7d8ce46 | |
parent | e16af41d55a75d79ef4f921bad7094834957a9e7 (diff) | |
download | selfhosted-c16160b3d4f3a5933bfa6b333c9af768b4560ed4.tar.gz selfhosted-c16160b3d4f3a5933bfa6b333c9af768b4560ed4.zip |
mastodon: disable anonymous access by default
-rw-r--r-- | roles/mastodon/defaults/main.yml | 4 | ||||
-rw-r--r-- | roles/mastodon/templates/opt/mastodon/mastodon/.env.production.j2 | 2 |
2 files changed, 6 insertions, 0 deletions
diff --git a/roles/mastodon/defaults/main.yml b/roles/mastodon/defaults/main.yml index a166350..cc879f7 100644 --- a/roles/mastodon/defaults/main.yml +++ b/roles/mastodon/defaults/main.yml @@ -23,3 +23,7 @@ mastodon_streaming_port: 8009 mastodon_sysaccount_username: mastodon mastodon_login_cidrs: [] + +# Leaving anonymous access *disabled* by default until this issue is resolved: +# https://github.com/mastodon/mastodon/issues/22620 +mastodon_disallow_unauthenticated_api_access: yes diff --git a/roles/mastodon/templates/opt/mastodon/mastodon/.env.production.j2 b/roles/mastodon/templates/opt/mastodon/mastodon/.env.production.j2 index 03af34a..b28a94b 100644 --- a/roles/mastodon/templates/opt/mastodon/mastodon/.env.production.j2 +++ b/roles/mastodon/templates/opt/mastodon/mastodon/.env.production.j2 @@ -7,6 +7,8 @@ WEB_DOMAIN={{ mastodon_web_domain }} DEFAULT_LOCALE={{ mastodon_default_locale }} +DISALLOW_UNAUTHENTICATED_API_ACCESS={{ mastodon_disallow_unauthenciated_api_access | bool | to_json }} + # Redis # ----- REDIS_HOST=localhost |