diff options
| author |  kim <grufwub@gmail.com> | 2025-09-17 14:16:53 +0200 |
|---|---|---|
| committer |  kim <gruf@noreply.codeberg.org> | 2025-09-17 14:16:53 +0200 |
| commit | 6801ce299a3a0016bae08ee8f64602aeb0274659 (patch) | |
| tree | ee7d1d15e05794b2f0383d076dd7c51fafc70dad /internal/config/config.go | |
| parent | [bugfix/frontend] Use correct account domain in move account helper (#4440) (diff) | |
| download | gotosocial-6801ce299a3a0016bae08ee8f64602aeb0274659.tar.xz | |
[chore] remove nollamas middleware for now (after discussions with a security advisor) (#4433)
i'll keep this on a separate branch for now while i experiment with other possible alternatives, but for now both our hacky implementation especially, and more popular ones (like anubis) aren't looking too great on the deterrent front: https://github.com/eternal-flame-AD/pow-buster
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4433
Co-authored-by: kim <grufwub@gmail.com>
Co-committed-by: kim <grufwub@gmail.com>
Diffstat (limited to 'internal/config/config.go')
| -rw-r--r-- | internal/config/config.go | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/internal/config/config.go b/internal/config/config.go index 3cab53732..8768584fa 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -279,13 +279,12 @@ type CacheConfiguration struct { } type AdvancedConfig struct { - CookiesSamesite string `name:"cookies-samesite" usage:"'strict' or 'lax', see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"` - SenderMultiplier int `name:"sender-multiplier" usage:"Multiplier to use per cpu for batching outgoing fedi messages. 0 or less turns batching off (not recommended)."` - CSPExtraURIs []string `name:"csp-extra-uris" usage:"Additional URIs to allow when building content-security-policy for media + images."` - HeaderFilterMode string `name:"header-filter-mode" usage:"Set incoming request header filtering mode."` - RateLimit RateLimitConfig `name:"rate-limit"` - Throttling ThrottlingConfig `name:"throttling"` - ScraperDeterrence ScraperDeterrenceConfig `name:"scraper-deterrence"` + CookiesSamesite string `name:"cookies-samesite" usage:"'strict' or 'lax', see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"` + SenderMultiplier int `name:"sender-multiplier" usage:"Multiplier to use per cpu for batching outgoing fedi messages. 0 or less turns batching off (not recommended)."` + CSPExtraURIs []string `name:"csp-extra-uris" usage:"Additional URIs to allow when building content-security-policy for media + images."` + HeaderFilterMode string `name:"header-filter-mode" usage:"Set incoming request header filtering mode."` + RateLimit RateLimitConfig `name:"rate-limit"` + Throttling ThrottlingConfig `name:"throttling"` } type RateLimitConfig struct { @@ -297,8 +296,3 @@ type ThrottlingConfig struct { Multiplier int `name:"multiplier" usage:"Multiplier to use per cpu for http request throttling. 0 or less turns throttling off."` RetryAfter time.Duration `name:"retry-after" usage:"Retry-After duration response to send for throttled requests."` } - -type ScraperDeterrenceConfig struct { - Enabled bool `name:"enabled" usage:"Enable proof-of-work based scraper deterrence on profile / status pages"` - Difficulty uint32 `name:"difficulty" usage:"The proof-of-work difficulty, which determines roughly how many hash-encode rounds required of each client."` -} |