add same-authority check between fetched note and summary url

author: Hazelnoot <acomputerdog@gmail.com> 2025-05-05 10:37:04 -0400
committer: Hazelnoot <acomputerdog@gmail.com> 2025-05-08 11:05:15 -0400
commit: 1ac9625eea5a33544f2424bac6de6e94ffe0a4ad (patch)
tree: ac1f6ef2c4119b34d471b8534be209dc9a817d51 /packages/backend/src/server/web
parent: avoid fetching notes twice in UrlPreviewService (diff)
download: sharkey-1ac9625eea5a33544f2424bac6de6e94ffe0a4ad.tar.gz
sharkey-1ac9625eea5a33544f2424bac6de6e94ffe0a4ad.tar.bz2
sharkey-1ac9625eea5a33544f2424bac6de6e94ffe0a4ad.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/packages/backend/src/server/web/UrlPreviewService.ts b/packages/backend/src/server/web/UrlPreviewService.ts
index 4c40496305..15a4fc946f 100644
--- a/packages/backend/src/server/web/UrlPreviewService.ts
+++ b/packages/backend/src/server/web/UrlPreviewService.ts
@@ -297,7 +297,7 @@ export class UrlPreviewService {
 		// Finally, attempt a signed GET in case it's a direct link to an instance with authorized fetch.
 		const instanceActor = await this.systemAccountService.getInstanceActor();
 		const remoteObject = await this.apRequestService.signedGet(summary.url, instanceActor).catch(() => null);
-		if (remoteObject) {
+		if (remoteObject && this.apUtilityService.haveSameAuthority(remoteObject.id, summary.url)) {
 			summary.activityPub = remoteObject.id;
 			return;
 		}
author	Hazelnoot <acomputerdog@gmail.com>	2025-05-05 10:37:04 -0400
committer	Hazelnoot <acomputerdog@gmail.com>	2025-05-08 11:05:15 -0400
commit	1ac9625eea5a33544f2424bac6de6e94ffe0a4ad (patch)
tree	ac1f6ef2c4119b34d471b8534be209dc9a817d51 /packages/backend/src/server/web
parent	avoid fetching notes twice in UrlPreviewService (diff)
download	sharkey-1ac9625eea5a33544f2424bac6de6e94ffe0a4ad.tar.gz sharkey-1ac9625eea5a33544f2424bac6de6e94ffe0a4ad.tar.bz2 sharkey-1ac9625eea5a33544f2424bac6de6e94ffe0a4ad.zip