authorEugen <eugen@zeonfederated.com>2017-04-25 02:47:31 +0200
committerGitHub <noreply@github.com>2017-04-25 02:47:31 +0200
commit17c591ffba59bda512fe43a09c06c40324acc472 (patch)
treec03ba1c23b0adf46230b3b97b62efb018c26ded5 /app/services/pubsubhubbub
parentbb04a9be52e005fb8bbeef22e5b8d30f0d202903 (diff)
Punycode URI normalization (#2370)
* Fix #2119 - Whenever about to send a HTTP request, normalize the URI

* Add test for IDN request in FetchLinkCardService

* Perform IDN normalization on domains before they are stored in the DB
Diffstat (limited to 'app/services/pubsubhubbub')
-rw-r--r--app/services/pubsubhubbub/subscribe_service.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/app/services/pubsubhubbub/subscribe_service.rb b/app/services/pubsubhubbub/subscribe_service.rb
index bf36e3fa6..3642b4eca 100644
--- a/app/services/pubsubhubbub/subscribe_service.rb
+++ b/app/services/pubsubhubbub/subscribe_service.rb
@@ -4,7 +4,7 @@ class Pubsubhubbub::SubscribeService < BaseService
   def call(account, callback, secret, lease_seconds)
     return ['Invalid topic URL',        422] if account.nil?
     return ['Invalid callback URL',     422] unless !callback.blank? && callback =~ /\A#{URI.regexp(%w(http https))}\z/
-    return ['Callback URL not allowed', 403] if DomainBlock.blocked?(Addressable::URI.parse(callback).host)
+    return ['Callback URL not allowed', 403] if DomainBlock.blocked?(Addressable::URI.parse(callback).normalize.host)
 
     subscription = Subscription.where(account: account, callback_url: callback).first_or_create!(account: account, callback_url: callback)
     Pubsubhubbub::ConfirmationWorker.perform_async(subscription.id, 'subscribe', secret, lease_seconds)
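Review bot: The added line checks the normalized host against `DomainBlock`, but the `Subscription.where(...).first_or_create!` line below it still looks up and stores the raw `callback`, so the value that was checked is not the value that is persisted, and equivalent spellings of one endpoint (host case, Unicode vs. Punycode) would end up as separate subscriptions. Normalizing once and reusing the result keeps the two in step: `normalized = Addressable::URI.parse(callback).normalize`, then `DomainBlock.blocked?(normalized.host)` and `callback_url: normalized.to_s`. The format check above uses the stdlib `URI.regexp` while the host is extracted by Addressable; if the two parsers can disagree on where the host sits, the block check could inspect a different host than the one later contacted, so validating and extracting with the same parser would be safer. `call` continues past the end of this hunk, so whether the delivery path re-normalizes or re-checks the host is not visible here.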