gitea/nas
1
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

Merge pull request from GHSA-3fjr-858r-92rw

Browse source 
* Fix insufficient origin validation

* Bump version to v4.2.5
This commit is contained in:
Claire 2024-02-01 15:56:46 +01:00 committed by GitHub
parent 4633bb8ce0
commit a6641f828b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
20 changed files with 47 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

10
app/services/fetch_resource_service.rb
View file

@ -48,7 +48,15 @@ class FetchResourceService < BaseService
body = response.body_with_limit
json = body_to_json(body)
[json['id'], { prefetched_body: body, id: true }] if supported_context?(json) && (equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) || expected_type?(json))
return unless supported_context?(json) && (equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) || expected_type?(json))
if json['id'] != @url
return if terminal
return process(json['id'], terminal: true)
end
[@url, { prefetched_body: body }]
elsif !terminal
link_header = response['Link'] && parse_link_header(response)