From 5265df0a8a9d66a88cbb45bff5e9316a357e934a Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Mon, 3 Feb 2020 17:48:23 +0100 Subject: Change signature verification to ignore signatures with invalid host (#13033) Instead of returning a signature verification error, pretend there was no signature (i.e., this does not allow access to resources that need a valid signature), so public resources can still be fetched Fix #13011 --- app/controllers/concerns/signature_verification.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'app/controllers') diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb index ce353f1de..10efbf2e0 100644 --- a/app/controllers/concerns/signature_verification.rb +++ b/app/controllers/concerns/signature_verification.rb @@ -160,6 +160,8 @@ module SignatureVerification account ||= stoplight_wrap_request { ActivityPub::FetchRemoteKeyService.new.call(key_id, id: false) } account end + rescue Mastodon::HostValidationError + nil end def stoplight_wrap_request(&block) -- cgit