From 4f4085cf64a483f087e2399f2125f888373d021b Mon Sep 17 00:00:00 2001
From: Tomas Pinkas
Date: Wed, 20 May 2026 20:33:02 +0200
Subject: [PATCH] fix: remove profile subdomain alert side channel

---
 lib/algora_web/endpoint.ex | 1 -
 .../controllers/endpoint_subdomain_test.exs | 17 +++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 test/algora_web/controllers/endpoint_subdomain_test.exs

diff --git a/lib/algora_web/endpoint.ex b/lib/algora_web/endpoint.ex
index b4eabc806..8497d8d65 100644
--- a/lib/algora_web/endpoint.ex
+++ b/lib/algora_web/endpoint.ex
@@ -124,7 +124,6 @@ defmodule AlgoraWeb.Endpoint do
 conn.request_path

 _user ->
- Algora.Activities.alert("👀 Someone is viewing https://#{sub}.algora.io", :critical)
 Path.join(["/#{sub}/candidates", conn.request_path])
 end
 end
diff --git a/test/algora_web/controllers/endpoint_subdomain_test.exs b/test/algora_web/controllers/endpoint_subdomain_test.exs
new file mode 100644
index 000000000..ad5afb283
--- /dev/null
+++ b/test/algora_web/controllers/endpoint_subdomain_test.exs
@@ -0,0 +1,17 @@
+defmodule AlgoraWeb.EndpointSubdomainTest do
+ use AlgoraWeb.ConnCase, async: true
+
+ import Algora.Factory
+
+ test "known profile subdomains redirect without creating a critical activity", %{conn: conn} do
+ insert!(:user, handle: "acme")
+
+ conn =
+ conn
+ |> Map.put(:host, "acme.algora.io")
+ |> get("/jobs")
+
+ assert redirected_to(conn, 301) == "http://localhost/acme/candidates/jobs"
+ assert_activity_names([])
+ end
+end
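Review bot: `assert_activity_names([])` in the new test only guards against the removed call if `Algora.Activities.alert/2` produced something that helper can observe. Neither is defined in this patch, so please confirm the test fails when the `alert` line in `endpoint.ex` is restored. If the alert was delivered through a notifier rather than a stored activity, the assertion passes before and after the fix and pins nothing. Since the module runs with `async: true`, the empty-list assertion is also only stable if the helper reads state scoped to this test. I would add a comment above the test such as `# regression: the endpoint must not emit an alert for unauthenticated profile-subdomain requests`, plus a second case for a host whose handle has no user, so both branches of the lookup are covered.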