From 6801ce299a3a0016bae08ee8f64602aeb0274659 Mon Sep 17 00:00:00 2001 From: kim Date: Wed, 17 Sep 2025 14:16:53 +0200 Subject: [chore] remove nollamas middleware for now (after discussions with a security advisor) (#4433) i'll keep this on a separate branch for now while i experiment with other possible alternatives, but for now both our hacky implementation especially, and more popular ones (like anubis) aren't looking too great on the deterrent front: https://github.com/eternal-flame-AD/pow-buster Co-authored-by: tobi Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4433 Co-authored-by: kim Co-committed-by: kim --- docs/configuration/advanced.md | 19 ------------------- 1 file changed, 19 deletions(-) (limited to 'docs/configuration/advanced.md') diff --git a/docs/configuration/advanced.md b/docs/configuration/advanced.md index 0b8b3183f..88f4aff67 100644 --- a/docs/configuration/advanced.md +++ b/docs/configuration/advanced.md @@ -182,23 +182,4 @@ advanced-csp-extra-uris: [] # Options: ["block", "allow", ""] # Default: "" advanced-header-filter-mode: "" - -# Bool. Enables a proof-of-work based deterrence against scrapers -# on profile and status web pages. This will generate a unique but -# deterministic challenge for each HTTP client to complete before -# accessing the above mentioned endpoints, on success being given -# a cookie that permits challenge-less access within a 1hr window. -# -# The outcome of this is that it should make scraping of these -# endpoints economically unfeasible, while having a negligible -# performance impact on your own instance. -# -# The downside is that it requires javascript to be enabled. -# -# For more details please check the documentation at: -# https://docs.gotosocial.org/en/latest/admin/scraper_deterrence -# -# Options: [true, false] -# Default: true -advanced-scraper-deterrence: false ``` -- cgit v1.2.3