gitea/nas
1
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

Merge pull request from GHSA-3fjr-858r-92rw

Browse source 
* Fix insufficient origin validation

* Bump version to v4.2.5
This commit is contained in:
Claire 2024-02-01 15:56:46 +01:00 committed by GitHub
parent 4633bb8ce0
commit a6641f828b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
20 changed files with 47 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/concerns/signature_verification.rb
View file

@ -266,7 +266,7 @@ module SignatureVerification
stoplight_wrap_request { ResolveAccountService.new.call(key_id.delete_prefix('acct:'), suppress_errors: false) }
elsif !ActivityPub::TagManager.instance.local_uri?(key_id)
account = ActivityPub::TagManager.instance.uri_to_actor(key_id)
account ||= stoplight_wrap_request { ActivityPub::FetchRemoteKeyService.new.call(key_id, id: false, suppress_errors: false) }
account ||= stoplight_wrap_request { ActivityPub::FetchRemoteKeyService.new.call(key_id, suppress_errors: false) }
account
end
rescue Mastodon::PrivateNetworkAddressError => e