Merge pull request from GHSA-hcqf-fw2r-52g4

* Revert "Fix request URL normalisation for bare domain and 8-bit characters (#26285)" This reverts commit 8891d8945d. * Revert "Do not normalize URL before fetching it (#26219)" This reverts commit fd284311e7.
2023-09-19 16:52:52 +02:00 · 2023-09-19 16:52:52 +02:00 · 94893cf24f
commit 94893cf24f
parent 73ecc4de6e
3 changed files with 4 additions and 202 deletions
--- a/spec/controllers/concerns/signature_verification_spec.rb
+++ b/spec/controllers/concerns/signature_verification_spec.rb
@ -129,37 +129,6 @@ describe SignatureVerification do
      end
    end

-    context 'with non-normalized URL' do
-      before do
-        get :success
-
-        fake_request = Request.new(:get, 'http://test.host/subdir/../success')
-        fake_request.on_behalf_of(author)
-
-        request.headers.merge!(fake_request.headers)
-
-        allow(controller).to receive(:actor_refresh_key!).and_return(author)
-      end
-
-      describe '#build_signed_string' do
-        it 'includes the normalized request path' do
-          expect(controller.send(:build_signed_string)).to start_with "(request-target): get /success\n"
-        end
-      end
-
-      describe '#signed_request?' do
-        it 'returns true' do
-          expect(controller.signed_request?).to be true
-        end
-      end
-
-      describe '#signed_request_actor' do
-        it 'returns an account' do
-          expect(controller.signed_request_account).to eq author
-        end
-      end
-    end
-
    context 'with request with unparsable Date header' do
      before do
        get :success
@ -233,7 +202,7 @@ describe SignatureVerification do

        request.headers.merge!(fake_request.headers)

-        stub_request(:get, 'http://localhost:5000/actor').to_raise(Mastodon::HostValidationError)
+        stub_request(:get, 'http://localhost:5000/actor#main-key').to_raise(Mastodon::HostValidationError)
      end

      describe '#signed_request?' do