Switch secure_mode to a filter

activitypub.php

@@ -25,6 +25,7 @@ function init() {
 	\defined( 'ACTIVITYPUB_HASHTAGS_REGEXP' ) || \define( 'ACTIVITYPUB_HASHTAGS_REGEXP', '(?:(?<=\s)|(?<=<p>)|(?<=<br>)|^)#([A-Za-z0-9_]+)(?:(?=\s|[[:punct:]]|$))' );
 	\defined( 'ACTIVITYPUB_USERNAME_REGEXP' ) || \define( 'ACTIVITYPUB_USERNAME_REGEXP', '(?:([A-Za-z0-9_-]+)@((?:[A-Za-z0-9_-]+\.)+[A-Za-z]+))' );
 	\defined( 'ACTIVITYPUB_CUSTOM_POST_CONTENT' ) || \define( 'ACTIVITYPUB_CUSTOM_POST_CONTENT', "<p><strong>[ap_title]</strong></p>\n\n[ap_content]\n\n<p>[ap_hashtags]</p>\n\n<p>[ap_shortlink]</p>" );
+	\defined( 'ACTIVITYPUB_SECURE_MODE' ) || \define( 'ACTIVITYPUB_SECURE_MODE', apply_filters( 'activitypub_secure_mode', $value = false ) );
 
 	\define( 'ACTIVITYPUB_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
 	\define( 'ACTIVITYPUB_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );

includes/class-activitypub.php

@@ -78,7 +78,7 @@ class Activitypub {
 			\in_array( 'application/ld+json', $accept, true ) ||
 			\in_array( 'application/json', $accept, true )
 		) {
-			if ( \get_option( 'activitypub_use_secure_mode', '0' ) ) {
+			if ( ACTIVITYPUB_SECURE_MODE ) {
 				$verification = Signature::verify_http_signature( $_SERVER );
 				if ( \is_wp_error( $verification ) ) {
 					// fallback as template_loader can't return http headers

includes/class-admin.php

@@ -144,15 +144,15 @@ class Admin {
 				'default'      => array( 'post', 'pages' ),
 			)
 		);
-		\register_setting(
-			'activitypub',
-			'activitypub_use_secure_mode',
-			array(
-				'type' => 'boolean',
-				'description' => \__( 'Secure mode allows blocking servers from fetching public activities', 'activitypub' ),
-				'default' => 0,
-			)
-		);
+		// \register_setting(
+		// 	'activitypub',
+		// 	'activitypub_use_secure_mode',
+		// 	array(
+		// 		'type' => 'boolean',
+		// 		'description' => \__( 'Secure mode allows blocking servers from fetching public activities', 'activitypub' ),
+		// 		'default' => 0,
+		// 	)
+		// );
 	}
 
 	public static function schedule_migration() {

includes/rest/class-server.php

@@ -94,7 +94,7 @@ class Server {
 		} else {
 			if ( '/activitypub/1.0/webfinger' !== $route ) {
 				// SecureMode/Authorized fetch.
-				if ( \get_option( 'activitypub_use_secure_mode', '0' ) ) {
+				if ( ACTIVITYPUB_SECURE_MODE ) {
 					$verified_request = Signature::verify_http_signature( $request );
 					if ( \is_wp_error( $verified_request ) ) {
 						return $verified_request;

templates/settings.php

@@ -171,7 +171,7 @@
 			</tbody>
 		</table>
 
-		<table class="form-table">
+		<!-- <table class="form-table">
 			<tbody>
 				<tr>
 					<th scope="row">
@@ -179,12 +179,12 @@
 					</th>
 					<td>
 						<p>
-							<label><input type="checkbox" name="activitypub_use_secure_mode" id="activitypub_use_secure_mode" value="1" <?php echo \checked( '1', \get_option( 'activitypub_use_secure_mode', '0' ) ); ?> /> <?php echo wp_kses( \__( 'In secure mode every ActivityPub request must be signed. This disallows anonymous requests and prevents serving content to servers listed in the Blocklist.', 'activitypub' ), 'default' ); ?></label>
+							<label><input type="checkbox" name="activitypub_use_secure_mode" id="activitypub_use_secure_mode" value="1" <?php echo \checked( '1', \get_option( 'activitypub_use_secure_mode', '0' ) ); ?> /> <?php echo wp_kses( \__( 'In secure mode every ActivityPub request must be signed. This disallows anonymous requests and prevents serving content to servers listed in the Blocklist. WARNING this disallows caching so will affect server performance', 'activitypub' ), 'default' ); ?></label>
 						</p>
 					</td>
 				</tr>
 			</tbody>
-		</table>
+		</table> -->
 
 		<?php \do_settings_fields( 'activitypub', 'server' ); ?>