[chore] remove nollamas middleware for now (after discussions with a security advisor) (#4433)

i'll keep this on a separate branch for now while i experiment with other possible alternatives, but for now both our hacky implementation especially, and more popular ones (like anubis) aren't looking too great on the deterrent front: https://github.com/eternal-flame-AD/pow-buster Co-authored-by: tobi <tobi.smethurst@protonmail.com> Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4433 Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-10-28 16:12:25 -05:00 · 2025-09-17 14:16:53 +02:00 · 2025-09-17 14:16:53 +02:00 · 6801ce299a
commit 6801ce299a
parent 247733aef4
28 changed files with 207 additions and 1395 deletions
--- a/docs/configuration/advanced.md
+++ b/docs/configuration/advanced.md
@ -182,23 +182,4 @@ advanced-csp-extra-uris: []
 # Options: ["block", "allow", ""]
 # Default: ""
 advanced-header-filter-mode: ""
-
-# Bool. Enables a proof-of-work based deterrence against scrapers
-# on profile and status web pages. This will generate a unique but
-# deterministic challenge for each HTTP client to complete before
-# accessing the above mentioned endpoints, on success being given
-# a cookie that permits challenge-less access within a 1hr window.
-#
-# The outcome of this is that it should make scraping of these
-# endpoints economically unfeasible, while having a negligible
-# performance impact on your own instance.
-#
-# The downside is that it requires javascript to be enabled.
-#
-# For more details please check the documentation at:
-# https://docs.gotosocial.org/en/latest/admin/scraper_deterrence
-#
-# Options: [true, false]
-# Default: true
-advanced-scraper-deterrence: false
 ```