chinwag/chinwagsocial
chinwag/chinwagsocial
2
0
Fork 0
Code Issues Pull requests Releases 14 Wiki Activity

Merge pull request from GHSA-3fjr-858r-92rw

Browse source 
* Fix insufficient origin validation

* Bump version to v4.1.13
This commit is contained in:
Claire 2024-02-01 15:56:46 +01:00 committed by GitHub
commit 5799bc4af7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
20 changed files with 48 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/lib/activitypub/activity.rb
View file

@ -153,7 +153,8 @@ class ActivityPub::Activity
def fetch_remote_original_status
if object_uri.start_with?('http')
return if ActivityPub::TagManager.instance.local_uri?(object_uri)
ActivityPub::FetchRemoteStatusService.new.call(object_uri, id: true, on_behalf_of: @account.followers.local.first, request_id: @options[:request_id])
ActivityPub::FetchRemoteStatusService.new.call(object_uri, on_behalf_of: @account.followers.local.first, request_id: @options[:request_id])
elsif @object['url'].present?
::FetchRemoteStatusService.new.call(@object['url'], request_id: @options[:request_id])
end