Public keys are not (any more) public #28898
Labels
type/proposal
The new feature has not been accepted yet but needs to be discussed first.
Comments
|
I think the behavior is "fixed" by a PR, because your user's visibility is not "public". IIRC it is a suggested "security/privacy" fix. Will try to find the PR ... |
|
This one: Dont leak private users via extensions (#28023) |
|
Thank you! Can somebody convert this to a feature request please? |
delvh
added
type/proposal
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Starting from some of recent releases user's public keys have different visibility as before.
Previously pages like https://try.gitea.io/f403.keys were visible for anybody ignoring user's visibility settings.
Now it returns 404 for users with "limited" or "private" visibility, if requested by guests. This breaks pipelines relying on Gitea.
I couldn't find in the changelog anything about public keys, is this a bug or a feature?
If this is a desired behavior, I'd like to suggest an option in user settings to make public keys public even for limited/private accounts.
Gitea Version
1.21.3
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
Docker / https://try.gitea.io/
Database
MySQL/MariaDB
The text was updated successfully, but these errors were encountered: