Merge pull request from GHSA-3fjr-858r-92rw

* Fix insufficient origin validation * Bump version to v4.1.13
2024-02-01 15:56:46 +01:00 · 2024-02-01 15:56:46 +01:00 · 5799bc4af7
commit 5799bc4af7
parent fc4e2eca9f
20 changed files with 48 additions and 47 deletions
--- a/app/helpers/jsonld_helper.rb
+++ b/app/helpers/jsonld_helper.rb
@ -157,8 +157,8 @@ module JsonLdHelper
    end
  end

-  def fetch_resource(uri, id, on_behalf_of = nil, request_options: {})
-    unless id
+  def fetch_resource(uri, id_is_known, on_behalf_of = nil, request_options: {})
+    unless id_is_known
      json = fetch_resource_without_id_validation(uri, on_behalf_of)

      return if !json.is_a?(Hash) || unsupported_uri_scheme?(json['id'])