look inside `url` when checking activity origin - #512 - sharkey

diff options

author	dakkar <dakkar@thenautilus.net>	2024-05-18 16:36:06 +0100
committer	dakkar <dakkar@thenautilus.net>	2024-05-18 16:48:10 +0100
commit	c05cc63e24c654e5e5d2d098e00a2aa669b61adf (patch)
tree	e56d3eda18886e93a54e93aec12e8076944ecc2e /packages/backend/src/server/api/ApiServerService.ts
parent	merge: allow overriding all string config values via env - fixes #465 (!476) (diff)
download	sharkey-c05cc63e24c654e5e5d2d098e00a2aa669b61adf.tar.gz sharkey-c05cc63e24c654e5e5d2d098e00a2aa669b61adf.tar.bz2 sharkey-c05cc63e24c654e5e5d2d098e00a2aa669b61adf.zip

look inside `url` when checking activity origin - #512

The previous assertion that: > if it's a complicated thing and the `activity.id` doesn't match, I > think we're fine rejecting the activity was wrong: at least peertube sends activities that have `url` as an array of objects. Notice that this does *not*, in fact, fix #512: the peertube activity does not contain its short URL (`https://example.com/w/someid`), so there's no way to confirm that it is the activity we requested.

Diffstat (limited to 'packages/backend/src/server/api/ApiServerService.ts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: