From 40a40537326aa168d20324bd8bd0e979d5083570 Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Tue, 14 Feb 2017 04:01:02 +0100
Subject: Disable PuSH for blocked domains
---
 app/services/pubsubhubbub/subscribe_service.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'app/services')
diff --git a/app/services/pubsubhubbub/subscribe_service.rb b/app/services/pubsubhubbub/subscribe_service.rb
index 343376d77..bf36e3fa6 100644
--- a/app/services/pubsubhubbub/subscribe_service.rb
+++ b/app/services/pubsubhubbub/subscribe_service.rb
@@ -2,8 +2,9 @@
 class Pubsubhubbub::SubscribeService < BaseService
 def call(account, callback, secret, lease_seconds)
- return ['Invalid topic URL', 422] if account.nil?
- return ['Invalid callback URL', 422] unless !callback.blank? && callback =~ /\A#{URI.regexp(%w(http https))}\z/
+ return ['Invalid topic URL', 422] if account.nil?
+ return ['Invalid callback URL', 422] unless !callback.blank? && callback =~ /\A#{URI.regexp(%w(http https))}\z/
+ return ['Callback URL not allowed', 403] if DomainBlock.blocked?(Addressable::URI.parse(callback).host)
 subscription = Subscription.where(account: account, callback_url: callback).first_or_create!(account: account, callback_url: callback)
 Pubsubhubbub::ConfirmationWorker.perform_async(subscription.id, 'subscribe', secret, lease_seconds)
-- cgit
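Review bot: The new guard passes `Addressable::URI.parse(callback).host` to `DomainBlock.blocked?` exactly as the subscriber wrote it, so unless `blocked?` (not visible here) normalises its argument, a callback whose host differs from a blocked domain only in letter case or a trailing dot would not match. I would compare the normalised form instead: `return ['Callback URL not allowed', 403] if DomainBlock.blocked?(Addressable::URI.parse(callback).normalized_host)`. The line above validates the callback with stdlib `URI.regexp` while this one extracts the host with Addressable; using one parser for both steps keeps validation and the block check from disagreeing about what the host is. The check also runs only when a subscription is created, so subscriptions that already exist for a domain blocked later are presumably still delivered to unless that is handled elsewhere. `call` continues past the end of the hunk.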