Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Add ActivityPub secure mode (#11269)

Browse source 
* Add HTTP signature requirement for served ActivityPub resources

* Change `SECURE_MODE` to `AUTHORIZED_FETCH`

* Add 'Signature' to 'Vary' header and improve code style

* Improve code style by adding `public_fetch_mode?` method
This commit is contained in:
Eugen Rochko 2019-07-11 20:11:09 +02:00 committed by GitHub
parent 4e1260feaa
commit 5bf67ca913
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 89 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/activitypub/outboxes_controller.rb
View file

@ -6,12 +6,12 @@ class ActivityPub::OutboxesController < Api::BaseController
include SignatureVerification
include AccountOwnedConcern
before_action :require_signature!, if: :authorized_fetch_mode?
before_action :set_statuses
before_action :set_cache_headers
def show
expires_in 1.minute, public: true unless page_requested?
expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode?)
render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
end