mirrors/barkey
1
0
Fork 0
mirror of https://codeberg.org/yeentown/barkey.git synced 2025-11-04 07:24:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array

Browse source
This commit is contained in:
Laura Hausmann 2024-10-24 04:18:49 +02:00 committed by Julia Johannesen
parent b74e2e9167
commit 4d925fc086
No known key found for this signature in database
GPG key ID: 4A1377AF3E7FBC46
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
packages/backend/src/core/activitypub/ApInboxService.ts
View file

@ -426,6 +426,9 @@ export class ApInboxService {
return 'skip: host in actor.uri !== note.id'; return 'skip: host in actor.uri !== note.id';
} }
} }
else {
return 'skip: note.id is not a string'
}
} }
const unlock = await this.appLockService.getApLock(uri); const unlock = await this.appLockService.getApLock(uri);