woem.men/forkey
4
2
Fork 3
Code Issues 34 Pull requests 16 Projects Releases Packages Wiki Activity Actions

fix(ActivityPub): リモートサーバーのリダイレクトを信頼する (MisskeyIO#860)

Browse source
This commit is contained in:
あわわわとーにゅ 2024-12-28 18:50:41 +09:00 committed by GitHub
parent 543325582c
commit 7c5e24c07c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 0 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
packages/backend/src/core/activitypub/ApResolverService.ts
View file

@ -120,18 +120,6 @@ export class Resolver {
throw new Error('invalid response'); throw new Error('invalid response');
} }
// HttpRequestService / ApRequestService have already checked that
// `object.id` or `object.url` matches the URL used to fetch the
// object after redirects; here we double-check that no redirects
// bounced between hosts
if (object.id == null) {
throw new Error('invalid AP object: missing id');
}
if (!this.utilityService.isRelatedUris(object.id, value)) {
throw new Error(`invalid AP object ${value}: id ${object.id} has unrelated host`);
}
return object; return object;
} }