about summary refs log tree commit diff
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2021-05-01 23:18:59 +0200
committerGitHub <noreply@github.com>2021-05-01 23:18:59 +0200
commitf627d2eb938d220eb767b0211b66b4281c921f75 (patch)
tree8aab7958735911883efa8a8e86f968f90204a84b
parent422df9d670dea235089e5d0732f50bc45bd3d673 (diff)
Fix trying to fetch key from empty URI when verifying HTTP signature (#16100)
-rw-r--r--app/helpers/jsonld_helper.rb2
-rw-r--r--app/services/activitypub/fetch_remote_key_service.rb2
2 files changed, 3 insertions, 1 deletions
diff --git a/app/helpers/jsonld_helper.rb b/app/helpers/jsonld_helper.rb
index 1c473efa3..62eb50f78 100644
--- a/app/helpers/jsonld_helper.rb
+++ b/app/helpers/jsonld_helper.rb
@@ -67,7 +67,7 @@ module JsonLdHelper
     unless id
       json = fetch_resource_without_id_validation(uri, on_behalf_of)
 
-      return unless json
+      return if !json.is_a?(Hash) || unsupported_uri_scheme?(json['id'])
 
       uri = json['id']
     end
diff --git a/app/services/activitypub/fetch_remote_key_service.rb b/app/services/activitypub/fetch_remote_key_service.rb
index df17d9079..c48288b3b 100644
--- a/app/services/activitypub/fetch_remote_key_service.rb
+++ b/app/services/activitypub/fetch_remote_key_service.rb
@@ -5,6 +5,8 @@ class ActivityPub::FetchRemoteKeyService < BaseService
 
   # Returns account that owns the key
   def call(uri, id: true, prefetched_body: nil)
+    return if uri.blank?
+
     if prefetched_body.nil?
       if id
         @json = fetch_resource_without_id_validation(uri)