mirror of
https://activitypub.software/TransFem-org/Sharkey
synced 2024-11-21 13:35:12 +00:00
fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities
This commit is contained in:
parent
9090b745e6
commit
1e14612f0e
1 changed files with 4 additions and 0 deletions
|
@ -100,6 +100,10 @@ export class ApInboxService {
|
|||
const resolver = this.apResolverService.createResolver();
|
||||
for (const item of toArray(isCollection(activity) ? activity.items : activity.orderedItems)) {
|
||||
const act = await resolver.resolve(item);
|
||||
if (act.id == null || this.utilityService.extractDbHost(act.id) !== this.utilityService.extractDbHost(actor.uri)) {
|
||||
this.logger.debug('skipping activity: activity id is null or mismatching');
|
||||
continue;
|
||||
}
|
||||
try {
|
||||
results.push([getApId(item), await this.performOneActivity(actor, act)]);
|
||||
} catch (err) {
|
||||
|
|
Loading…
Reference in a new issue