Improve federated ID validation (#8372)

* Fix URI not being sufficiently validated with prefetched JSON * Add additional id validation to OStatus documents, when possible
2018-08-22 20:55:14 +02:00
parent ad41806e53
commit 802cf6a4c5
10 changed files with 122 additions and 9 deletions
--- a/app/services/activitypub/fetch_remote_key_service.rb
+++ b/app/services/activitypub/fetch_remote_key_service.rb
@@ -17,7 +17,7 @@ class ActivityPub::FetchRemoteKeyService < BaseService
        @json = fetch_resource(uri, id)
      end
    else
-      @json = body_to_json(prefetched_body)
+      @json = body_to_json(prefetched_body, compare_id: id ? uri : nil)
    end

    return unless supported_context?(@json) && expected_type?