Merge pull request from GHSA-3fjr-858r-92rw

* Fix insufficient origin validation * Bump version to 4.3.0-alpha.1
author: Claire <claire.github-309c@sitedethib.com> 2024-02-01 15:56:46 +0100
committer: Starfall <us@starfall.systems> 2024-02-01 14:41:00 -0600
commit: 8f6a0c2cc87d4515ffa3be0ab8768ced5dcb5850 (patch)
tree: cca832f1cc0077bb8641cac74d89dbcc996350e2 /app/services/fetch_resource_service.rb
parent: 10d676b5a82841e3739fa8921499a394e49c3303 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/app/services/fetch_resource_service.rb b/app/services/fetch_resource_service.rb
index 4470fca01..c6f382876 100644
--- a/app/services/fetch_resource_service.rb
+++ b/app/services/fetch_resource_service.rb
@@ -47,7 +47,15 @@ class FetchResourceService < BaseService
       body = response.body_with_limit
       json = body_to_json(body)
 
-      [json['id'], { prefetched_body: body, id: true }] if supported_context?(json) && (equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) || expected_type?(json))
+      return unless supported_context?(json) && (equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) || expected_type?(json))
+
+      if json['id'] != @url
+        return if terminal
+
+        return process(json['id'], terminal: true)
+      end
+
+      [@url, { prefetched_body: body }]
     elsif !terminal
       link_header = response['Link'] && parse_link_header(response)
author	Claire <claire.github-309c@sitedethib.com>	2024-02-01 15:56:46 +0100
committer	Starfall <us@starfall.systems>	2024-02-01 14:41:00 -0600
commit	8f6a0c2cc87d4515ffa3be0ab8768ced5dcb5850 (patch)
tree	cca832f1cc0077bb8641cac74d89dbcc996350e2 /app/services/fetch_resource_service.rb
parent	10d676b5a82841e3739fa8921499a394e49c3303 (diff)