Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Merge pull request from GHSA-3fjr-858r-92rw

Browse source 
* Fix insufficient origin validation

* Bump version to 4.3.0-alpha.1
This commit is contained in:
Claire 2024-02-01 15:56:46 +01:00 committed by GitHub
parent 9cdc60ecc6
commit 1726085db5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
17 changed files with 37 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

17
app/services/activitypub/fetch_remote_key_service.rb
View file

@ -6,23 +6,10 @@ class ActivityPub::FetchRemoteKeyService < BaseService
class Error < StandardError; end
# Returns actor that owns the key
def call(uri, id: true, prefetched_body: nil, suppress_errors: true)
def call(uri, suppress_errors: true)
raise Error, 'No key URI given' if uri.blank?
if prefetched_body.nil?
if id
@json = fetch_resource_without_id_validation(uri)
if actor_type?
@json = fetch_resource(@json['id'], true)
elsif uri != @json['id']
raise Error, "Fetched URI #{uri} has wrong id #{@json['id']}"
end
else
@json = fetch_resource(uri, id)
end
else
@json = body_to_json(prefetched_body, compare_id: id ? uri : nil)
end
@json = fetch_resource(uri, false)
raise Error, "Unable to fetch key JSON at #{uri}" if @json.nil?
raise Error, "Unsupported JSON-LD context for document #{uri}" unless supported_context?(@json)