Forbid interactions with reblogs in /api/v1/statuses/:id endpoints

Fixes #23095, #37999
2026-04-24 23:29:30 -05:00 · 2026-02-27 15:47:46 +01:00 · 2026-02-27 15:47:46 +01:00 · 6aefa51465
commit 6aefa51465
parent 1e5cad072e
1 changed files with 2 additions and 0 deletions
--- a/app/controllers/api/v1/statuses/base_controller.rb
+++ b/app/controllers/api/v1/statuses/base_controller.rb
@ -12,5 +12,7 @@ class Api::V1::Statuses::BaseController < Api::BaseController
    authorize @status, :show?
  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
+  else
+    render json: { error: 'This operation is not allowed on reblogs' }, status: 400 if @status.reblog?
  end
 end