post/nas
1
0
Fork 0
forked from gitea/nas
Code Pull requests Activity

Fix: フレンドサーバー申請時、ドメインを偽装して無関係のInboxを指定できる脆弱性 (#932)

Browse source
This commit is contained in:
KMY(雪あすか) 2024-12-04 12:03:18 +09:00 committed by GitHub
parent 4a3c2d7ed7
commit 43819a8c02
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 20 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

1
spec/models/friend_domain_spec.rb
View file

@ -21,7 +21,6 @@ RSpec.describe FriendDomain do
type: 'Follow',
actor: 'https://cb6e6126.ngrok.io/actor',
object: 'https://www.w3.org/ns/activitystreams#Public',
inboxUrl: 'https://cb6e6126.ngrok.io/inbox',
}))).to have_been_made.once
end
end