Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (#9573)

Fix #7087 The same data is available over the ActivityPub outbox, RSS, and Atom, so there is little benefit to keeping it limited in this method.

Allow unauthenticated REST API access to GET /api/v1/accounts/:id/statuses (#9573)
108b2139 · Eugen Rochko · GitHub · 8389b496 · 108b2139
Unverified Commit 108b2139 authored 6 years ago by Eugen Rochko Committed by GitHub 6 years ago
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
 # frozen_string_literal: true

 class Api::V1::Accounts::StatusesController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read, :'read:statuses' }
+  before_action -> { authorize_if_got_token! :read, :'read:statuses' }
  before_action :set_account
  after_action :insert_pagination_headers