[bug] Public timeline but no public statuses?

[mbirth]

Describe the bug with a clear and concise description of what the bug is.

With instance-expose-public-timeline set, public posts are still not available via the /api/v1/statuses/ endpoint without authorisation.

What's your GoToSocial Version?

0.17.3+git-6f4cb2f

GoToSocial Arch

arm64/Docker

What happened?

I've configured instance-expose-public-timeline which works as expected. I'm using https://github.com/elk-zone/elk as a frontend and it now shows my GtS server's public timeline without the need to log into an account.

However, when clicking a single status from someone, Elk tries to load e.g. /api/v1/statuses/01JJ54TJW80C1JFG1EQYY2Y3F0 and GtS returns a 401 Unauthorized error - even though this post is public and was just shown in the public timeline.

What you expected to happen?

GtS should return single posts that appear on the public timeline without needing any authentication.

How to reproduce it?

• set instance-expose-public-timeline: true
• query /api/v1/timelines/public
• choose any of the returned posts and note its id
• query /api/v1/statuses/<id>
• notice the 401 Unauthorized: token not supplied error

Anything else we need to know?

No response

[tsmethurst]

Thanks for opening. This is because the instance-expose-public-timeline indeed only exposes the timeline endpoint itself, not the individual status endpoints or the context endpoints. I suppose we could consider changing this behavior a bit, but it's not really a priority right at this minute.

[mbirth]

That's totally fine. Just wanted to have it documented. 🙂