fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities

Laura Hausmann 2024-10-24 04:11:35 +02:00 committed by Julia Johannesen
parent 9090b745e6
commit 1e14612f0e
No known key found for this signature in database
GPG key ID: 4A1377AF3E7FBC46


@ -100,6 +100,10 @@ export class ApInboxService {
const resolver = this.apResolverService.createResolver(); const resolver = this.apResolverService.createResolver();
for (const item of toArray(isCollection(activity) ? activity.items : activity.orderedItems)) { for (const item of toArray(isCollection(activity) ? activity.items : activity.orderedItems)) {
const act = await resolver.resolve(item); const act = await resolver.resolve(item);
if (act.id == null || this.utilityService.extractDbHost(act.id) !== this.utilityService.extractDbHost(actor.uri)) {
this.logger.debug('skipping activity: activity id is null or mismatching');
continue;
}
try { try {
results.push([getApId(item), await this.performOneActivity(actor, act)]); results.push([getApId(item), await this.performOneActivity(actor, act)]);
} catch (err) { } catch (err) {
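Review bot: The added host check sits between `resolver.resolve(item)` and the `try`, so if `extractDbHost` throws on a malformed or non-string `act.id` (its implementation is not visible here), one bad item would abort the whole collection instead of being skipped. Consider moving the check inside the `try`, or extending the guard to `act.id == null || typeof act.id !== 'string'` and handling a parse failure as a mismatch. The comparison covers the host only, so the "same-origin" wording in the commit title holds only if the scheme is constrained elsewhere; a short comment stating that assumption would help. The rejection is logged at debug level with no identifiers, so logging at warn level with `act.id` and `actor.uri` would let operators see attempted cross-host activity injection. The enclosing method starts and ends outside the hunk.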