diff options
author | Claire <claire.github-309c@sitedethib.com> | 2022-12-07 00:15:24 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-07 00:15:24 +0100 |
commit | c8849d6ceecfdb9c18284fcc57a7e29019b4cd05 (patch) | |
tree | 13d33d7d66d6e996f9138ee733dba0e367f52f9a /app/services/activitypub/fetch_remote_actor_service.rb | |
parent | 98a9347dd735f1d7040175d243b8af8ac3a4ebca (diff) |
Fix unbounded recursion in account discovery (#22025)
* Fix trying to fetch posts from other users when fetching featured posts * Rate-limit discovery of new subdomains * Put a limit on recursively discovering new accounts
Diffstat (limited to 'app/services/activitypub/fetch_remote_actor_service.rb')
-rw-r--r-- | app/services/activitypub/fetch_remote_actor_service.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/services/activitypub/fetch_remote_actor_service.rb b/app/services/activitypub/fetch_remote_actor_service.rb index db09c38d8..a25fa54c4 100644 --- a/app/services/activitypub/fetch_remote_actor_service.rb +++ b/app/services/activitypub/fetch_remote_actor_service.rb @@ -10,7 +10,7 @@ class ActivityPub::FetchRemoteActorService < BaseService SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze # Does a WebFinger roundtrip on each call, unless `only_key` is true - def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true) + def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true, request_id: nil) return if domain_not_allowed?(uri) return ActivityPub::TagManager.instance.uri_to_actor(uri) if ActivityPub::TagManager.instance.local_uri?(uri) @@ -35,7 +35,7 @@ class ActivityPub::FetchRemoteActorService < BaseService check_webfinger! unless only_key - ActivityPub::ProcessAccountService.new.call(@username, @domain, @json, only_key: only_key, verified_webfinger: !only_key) + ActivityPub::ProcessAccountService.new.call(@username, @domain, @json, only_key: only_key, verified_webfinger: !only_key, request_id: request_id) rescue Error => e Rails.logger.debug "Fetching actor #{uri} failed: #{e.message}" raise unless suppress_errors |