diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2021-05-01 23:18:59 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-01 23:18:59 +0200 |
commit | f627d2eb938d220eb767b0211b66b4281c921f75 (patch) | |
tree | 8aab7958735911883efa8a8e86f968f90204a84b | |
parent | 422df9d670dea235089e5d0732f50bc45bd3d673 (diff) |
Fix trying to fetch key from empty URI when verifying HTTP signature (#16100)
-rw-r--r-- | app/helpers/jsonld_helper.rb | 2 | ||||
-rw-r--r-- | app/services/activitypub/fetch_remote_key_service.rb | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/app/helpers/jsonld_helper.rb b/app/helpers/jsonld_helper.rb index 1c473efa3..62eb50f78 100644 --- a/app/helpers/jsonld_helper.rb +++ b/app/helpers/jsonld_helper.rb @@ -67,7 +67,7 @@ module JsonLdHelper unless id json = fetch_resource_without_id_validation(uri, on_behalf_of) - return unless json + return if !json.is_a?(Hash) || unsupported_uri_scheme?(json['id']) uri = json['id'] end diff --git a/app/services/activitypub/fetch_remote_key_service.rb b/app/services/activitypub/fetch_remote_key_service.rb index df17d9079..c48288b3b 100644 --- a/app/services/activitypub/fetch_remote_key_service.rb +++ b/app/services/activitypub/fetch_remote_key_service.rb @@ -5,6 +5,8 @@ class ActivityPub::FetchRemoteKeyService < BaseService # Returns account that owns the key def call(uri, id: true, prefetched_body: nil) + return if uri.blank? + if prefetched_body.nil? if id @json = fetch_resource_without_id_validation(uri) |