From ccc99ac7617272d5e10686783154571c0a23b2bb Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Mon, 18 Nov 2024 14:00:32 -0700 Subject: [PATCH] Enabled authenticated media by default --- CHANGELOG.md | 4 ++++ common/config/conf_main.go | 2 +- config.sample.yaml | 8 ++++---- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b02fbf8a..15962c9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [Unreleased] +### Changed + +* The global `repo.freezeUnauthenticatedMedia` option now defaults to `true`, enabling authenticated media by default. A future release will remove this option, requiring the freeze behaviour. See `config.sample.yaml` for details. + ### Fixed * Return a 404 instead of 500 when clients access media which is frozen. diff --git a/common/config/conf_main.go b/common/config/conf_main.go index 8b7e3ac6..41d81bc1 100644 --- a/common/config/conf_main.go +++ b/common/config/conf_main.go @@ -32,7 +32,7 @@ func NewDefaultMainConfig() MainRepoConfig { LogLevel: "info", TrustAnyForward: false, UseForwardedHost: true, - FreezeUnauthenticatedMedia: false, + FreezeUnauthenticatedMedia: true, }, Database: DatabaseConfig{ Postgres: "postgres://your_username:your_password@localhost/database_name?sslmode=disable", diff --git a/config.sample.yaml b/config.sample.yaml index 5e037828..dd9dc286 100644 --- a/config.sample.yaml +++ b/config.sample.yaml @@ -40,10 +40,10 @@ repo: # only be accessible over authenticated endpoints, though future media will be accessible on both # authenticated and unauthenticated media. # - # This flag currently defaults to false. A future release, likely in August 2024, will remove this flag - # and have the same effect as it being true (always on). This flag is primarily intended for servers to - # opt-in to the behaviour early. - freezeUnauthenticatedMedia: false + # This flag defaults to true. Previously it defauled to false. A future release, likely in 2025, will + # remove this flag and have the same effect as it being true (always on). This flag is primarily + # intended for servers to opt-out of the behaviour while they are still testing compatibility. + freezeUnauthenticatedMedia: true # Options for dealing with federation federation: