| author | Laura Hausmann <laura@hausmann.dev> | 2024-10-24 04:28:43 +0200 |
|---|---|---|
| committer | Julia Johannesen <julia@insertdomain.name> | 2024-11-20 19:17:24 -0500 |
| commit | 174dfb83d09d13876c65b98c75769d01f5c0ec47 (patch) | |
| tree | e268cbc7f8e294bf933e979b2e8754e3ac5f5f01 /packages/backend/src | |
| parent | fix: primitives 5 & 8: reject activities with non-string identifiers (diff) | |
fix: primitive 6: reject anonymous objects that were fetched by their id
Diffstat (limited to 'packages/backend/src')
| -rw-r--r-- | packages/backend/src/core/activitypub/ApResolverService.ts | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/packages/backend/src/core/activitypub/ApResolverService.ts b/packages/backend/src/core/activitypub/ApResolverService.ts
index 5d5c61ce2c..a2c7ed19d8 100644
--- a/packages/backend/src/core/activitypub/ApResolverService.ts
+++ b/packages/backend/src/core/activitypub/ApResolverService.ts
@@ -121,7 +121,11 @@ export class Resolver {
 // `object.id` or `object.url` matches the URL used to fetch the
 // object after redirects; here we double-check that no redirects
 // bounced between hosts
- if (object.id && (this.utilityService.punyHost(object.id) !== this.utilityService.punyHost(value))) {
+ if (object.id == null) {
+ throw new Error('invalid AP object: missing id');
+ }
+
+ if (this.utilityService.punyHost(object.id) !== this.utilityService.punyHost(value)) {
 throw new Error(`invalid AP object ${value}: id ${object.id} has different host`);
 } |
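Review bot: The new guard `if (object.id == null)` rejects only null and undefined, so an empty-string or non-string `id` in the fetched document now reaches `this.utilityService.punyHost(object.id)`; before this change an empty string was skipped by the `object.id &&` test. How `punyHost` treats such a value is not visible in this hunk, so the rejection may surface as an unrelated parse error rather than as a clear "missing id" failure. Consider `if (typeof object.id !== 'string' || object.id === '') {` so the check states the contract on remote input explicitly. The message `'invalid AP object: missing id'` also omits the fetched URL that the host-mismatch message carries; ``throw new Error(`invalid AP object ${value}: missing id`);`` would keep the two rejections equally traceable in logs. The enclosing method starts and ends outside the hunk.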