Change signature verification to ignore signatures with invalid host (#13033)

Instead of returning a signature verification error, pretend there was no signature (i.e., this does not allow access to resources that need a valid signature), so public resources can still be fetched Fix #13011
author: Eugen Rochko <eugen@zeonfederated.com> 2020-02-03 17:48:23 +0100
committer: multiple creatures <dev@multiple-creature.party> 2020-02-20 23:08:31 -0600
commit: 62a60cb282cec58cdbc0b5bded99d0a5a76ceb22 (patch)
tree: 4cd055bb30f920f0202d3e3ecd7374b253376917 /app/controllers
parent: 14a5d249ad2ad78f00699bbab9062b3ea88ec93c (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
index e58f684e7..3c4903904 100644
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -159,6 +159,8 @@ module SignatureVerification
       account ||= stoplight_wrap_request { ActivityPub::FetchRemoteKeyService.new.call(key_id, id: false) }
       account
     end
+  rescue Mastodon::HostValidationError
+    nil
   end
 
   def stoplight_wrap_request(&block)
author	Eugen Rochko <eugen@zeonfederated.com>	2020-02-03 17:48:23 +0100
committer	multiple creatures <dev@multiple-creature.party>	2020-02-20 23:08:31 -0600
commit	62a60cb282cec58cdbc0b5bded99d0a5a76ceb22 (patch)
tree	4cd055bb30f920f0202d3e3ecd7374b253376917 /app/controllers
parent	14a5d249ad2ad78f00699bbab9062b3ea88ec93c (diff)