From b44abe0eaaeb85111d94046b182e03e67993a101 Mon Sep 17 00:00:00 2001 From: Hazelnoot Date: Fri, 13 Jun 2025 23:18:06 -0400 Subject: set X-Robots-Tag to disable indexing API endpoints --- packages/backend/src/server/ActivityPubServerService.ts | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'packages/backend/src/server/ActivityPubServerService.ts') diff --git a/packages/backend/src/server/ActivityPubServerService.ts b/packages/backend/src/server/ActivityPubServerService.ts index 41beadb56d..a362308b17 100644 --- a/packages/backend/src/server/ActivityPubServerService.ts +++ b/packages/backend/src/server/ActivityPubServerService.ts @@ -791,6 +791,10 @@ export class ActivityPubServerService { reply.header('Access-Control-Allow-Origin', '*'); reply.header('Access-Control-Expose-Headers', 'Vary'); + // Tell crawlers not to index AP endpoints. + // https://developers.google.com/search/docs/crawling-indexing/block-indexing + reply.header('X-Robots-Tag', 'noindex'); + /* tell any caching proxy that they should not cache these responses: we wouldn't want the proxy to return a 403 to someone presenting a valid signature, or return a cached -- cgit v1.2.3-freya From 1aeaee7f7ce4c573da899424f9dafa64fdabbe58 Mon Sep 17 00:00:00 2001 From: Hazelnoot Date: Wed, 18 Jun 2025 10:37:11 -0400 Subject: filter boosts out of pinned notes when federating --- packages/backend/src/server/ActivityPubServerService.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'packages/backend/src/server/ActivityPubServerService.ts') diff --git a/packages/backend/src/server/ActivityPubServerService.ts b/packages/backend/src/server/ActivityPubServerService.ts index a362308b17..a4ac2375c0 100644 --- a/packages/backend/src/server/ActivityPubServerService.ts +++ b/packages/backend/src/server/ActivityPubServerService.ts @@ -571,7 +571,7 @@ export class ActivityPubServerService { const pinnedNotes = (await Promise.all(pinings.map(pining => this.notesRepository.findOneByOrFail({ id: pining.noteId })))) - .filter(note => !note.localOnly && ['public', 'home'].includes(note.visibility)); + .filter(note => !note.localOnly && ['public', 'home'].includes(note.visibility) && !isPureRenote(note)); const renderedNotes = await Promise.all(pinnedNotes.map(note => this.apRendererService.renderNote(note, user))); -- cgit v1.2.3-freya From 82b90d02ae965a08f747fae96c9f087c707d1435 Mon Sep 17 00:00:00 2001 From: Hazelnoot Date: Wed, 18 Jun 2025 10:37:30 -0400 Subject: don't allow boosts to be fetched as a note over AP --- packages/backend/src/server/ActivityPubServerService.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'packages/backend/src/server/ActivityPubServerService.ts') diff --git a/packages/backend/src/server/ActivityPubServerService.ts b/packages/backend/src/server/ActivityPubServerService.ts index a4ac2375c0..27d25d2152 100644 --- a/packages/backend/src/server/ActivityPubServerService.ts +++ b/packages/backend/src/server/ActivityPubServerService.ts @@ -33,7 +33,7 @@ import type Logger from '@/logger.js'; import { LoggerService } from '@/core/LoggerService.js'; import { bindThis } from '@/decorators.js'; import { IActivity, IAnnounce, ICreate } from '@/core/activitypub/type.js'; -import { isQuote, isRenote } from '@/misc/is-renote.js'; +import { isPureRenote, isQuote, isRenote } from '@/misc/is-renote.js'; import * as Acct from '@/misc/acct.js'; import { CacheService } from '@/core/CacheService.js'; import type { FastifyInstance, FastifyRequest, FastifyReply, FastifyPluginOptions, FastifyBodyParser } from 'fastify'; @@ -842,6 +842,11 @@ export class ActivityPubServerService { return; } + // Boosts don't federate directly - they should only be referenced as an activity + if (isPureRenote(note)) { + return 404; + } + this.setResponseType(request, reply); const author = await this.usersRepository.findOneByOrFail({ id: note.userId }); -- cgit v1.2.3-freya