authorMark Felder <feld@FreeBSD.org>2020-08-31 14:35:22 -0500
committerrinpatch <rinpatch@sdf.org>2020-09-08 20:21:34 +0300
commitff07014b2657730101e826d7e82716989d43214c (patch)
tree5bcb0f26905b451750c86dcb28ab2fc07581b047
parent630444ee0819ad5b58c5f9030758fe41e6fed530 (diff)
Disable providers of user and status metadata when instance is private
-rw-r--r--CHANGELOG.md3
-rw-r--r--lib/pleroma/web/metadata.ex12
-rw-r--r--test/web/metadata/metadata_test.exs9
3 files changed, 22 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f57e191fa..496c78ffe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## unreleased-patch - ???
+### Security
+- Fix metadata leak for accounts and statuses on private instances
+
### Added
- Rich media failure tracking (along with `:failure_backoff` option)
diff --git a/lib/pleroma/web/metadata.ex b/lib/pleroma/web/metadata.ex
index e45e74e7b..0f0b56321 100644
--- a/lib/pleroma/web/metadata.ex
+++ b/lib/pleroma/web/metadata.ex
@@ -8,8 +8,8 @@ defmodule Pleroma.Web.Metadata do
def build_tags(params) do
providers = [
Pleroma.Web.Metadata.Providers.RestrictIndexing,
- Pleroma.Web.Metadata.Providers.RelMe,
- | Pleroma.Config.get([__MODULE__, :providers], [])
+ Pleroma.Web.Metadata.Providers.RelMe
+ | activated_providers()
]
Enum.reduce(providers, "", fn parser, acc ->
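Review bot: `Pleroma.Web.Metadata.Providers.RelMe` stays in the unconditional part of the `providers` list, so it still runs on a private instance while only the configured providers are gated by `activated_providers()`. If RelMe renders links taken from the user's profile, as its name suggests, those would still be served in page metadata on a private instance; the test added in this commit would not notice, because its bio contains no links. Consider moving it behind the same check, for example by returning `[Pleroma.Web.Metadata.Providers.RelMe | Pleroma.Config.get([__MODULE__, :providers], [])]` from the public branch, or add a comment stating why it is safe to keep. `build_tags/1` continues past the end of this hunk.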
@@ -43,4 +43,12 @@ defmodule Pleroma.Web.Metadata do
def activity_nsfw?(_) do
false
end
+
+ defp activated_providers do
+ if Pleroma.Config.get!([:instance, :public]) do
+ Pleroma.Config.get([__MODULE__, :providers], [])
+ else
+ []
+ end
+ end
end
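Review bot: `activated_providers/0` carries no comment saying that the `[]` branch is a privacy control, which makes it easy to undo in a later refactor of the provider list. A short comment above it would record the intent, for example `# Private instances must not expose user or status metadata, so the configured providers are dropped.` The gate consults only `[:instance, :public]`; if the instance has other settings that restrict unauthenticated access to profiles or statuses, they are not taken into account here, which is worth confirming. `Pleroma.Config.get!/1` presumably raises when the key is unset, which would fail closed rather than emit tags.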
diff --git a/test/web/metadata/metadata_test.exs b/test/web/metadata/metadata_test.exs
index 3f8b29e58..4dd0d2f5c 100644
--- a/test/web/metadata/metadata_test.exs
+++ b/test/web/metadata/metadata_test.exs
@@ -22,4 +22,13 @@ defmodule Pleroma.Web.MetadataTest do
"<meta content=\"noindex, noarchive\" name=\"robots\">"
end
end
+
+ describe "no metadata for private instances" do
+ test "for local user" do
+ Pleroma.Config.put([:instance, :public], false)
+ user = insert(:user, bio: "This is my secret fedi account bio")
+
+ assert "" = Pleroma.Web.Metadata.build_tags(%{user: user})
+ end
+ end
end
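Review bot: The test sets `[:instance, :public]` to `false` with `Pleroma.Config.put/2` and nothing in the hunk restores it, so the value can leak into later tests unless a setup block outside the hunk resets config. Capture and restore it, for example `public = Pleroma.Config.get([:instance, :public])` followed by `on_exit(fn -> Pleroma.Config.put([:instance, :public], public) end)`. The describe block also covers only the `%{user: user}` path, while the changelog entry names statuses as well; a second case built from a status would pin that half. A bio that contains a link would additionally exercise the providers that remain always enabled.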