From 802cf6a4c53175c7da17ded39cf75679fa352385 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 22 Aug 2018 20:55:14 +0200 Subject: Improve federated ID validation (#8372) * Fix URI not being sufficiently validated with prefetched JSON * Add additional id validation to OStatus documents, when possible --- app/services/activitypub/fetch_remote_account_service.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/services/activitypub/fetch_remote_account_service.rb') diff --git a/app/services/activitypub/fetch_remote_account_service.rb b/app/services/activitypub/fetch_remote_account_service.rb index 41fec9170..1ec9ee5dd 100644 --- a/app/services/activitypub/fetch_remote_account_service.rb +++ b/app/services/activitypub/fetch_remote_account_service.rb @@ -11,7 +11,7 @@ class ActivityPub::FetchRemoteAccountService < BaseService @json = if prefetched_body.nil? fetch_resource(uri, id) else - body_to_json(prefetched_body) + body_to_json(prefetched_body, compare_id: id ? uri : nil) end return if !supported_context? || !expected_type? || (break_on_redirect && @json['movedTo'].present?) -- cgit