diff options
| author | Hazelnoot <acomputerdog@gmail.com> | 2025-03-25 16:22:39 -0400 |
|---|---|---|
| committer | Hazelnoot <acomputerdog@gmail.com> | 2025-03-25 16:22:39 -0400 |
| commit | 76b1cf0526cbd5e5eea650848cd7d46d6061c69b (patch) | |
| tree | daa3194cc811190440238bc915f859ca6bfd083c /packages/backend/src | |
| parent | Merge branch 'misskey-develop' into merge/2025-03-24 (diff) | |
| download | sharkey-76b1cf0526cbd5e5eea650848cd7d46d6061c69b.tar.gz sharkey-76b1cf0526cbd5e5eea650848cd7d46d6061c69b.tar.bz2 sharkey-76b1cf0526cbd5e5eea650848cd7d46d6061c69b.zip | |
remerge: auto-approve and allow unsigned fetch for system users
Diffstat (limited to 'packages/backend/src')
| -rw-r--r-- | packages/backend/src/core/SystemAccountService.ts | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/packages/backend/src/core/SystemAccountService.ts b/packages/backend/src/core/SystemAccountService.ts index 1e050c3054..dc10191497 100644 --- a/packages/backend/src/core/SystemAccountService.ts +++ b/packages/backend/src/core/SystemAccountService.ts @@ -114,6 +114,12 @@ export class SystemAccountService { isExplorable: false, isBot: true, name: extra.name, + // System accounts are automatically approved. + approved: true, + // We always allow requests to system accounts to avoid federation infinite loop. + // When a remote instance needs to check our signature on a request we sent, it will need to fetch information about the user that signed it (which is our instance actor). + // If we try to check their signature on *that* request, we'll fetch *their* instance actor... leading to an infinite recursion + allowUnsignedFetch: 'always', }).then(x => transactionalEntityManager.findOneByOrFail(MiUser, x.identifiers[0])); await transactionalEntityManager.insert(MiUserKeypair, { |