chinwag/chinwagsocial
chinwag/chinwagsocial
2
0
Fork 0
Code Issues Pull requests Releases 14 Wiki Activity

Merge pull request from GHSA-jhrq-qvrm-qr36

Browse source 
* Fix insufficient Content-Type checking of fetched ActivityStreams objects

* Allow JSON-LD documents with multiple profiles
This commit is contained in:
Claire 2024-02-16 11:56:12 +01:00 committed by GitHub
commit a07fff079b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 56 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

4
spec/lib/activitypub/activity/announce_spec.rb
View file

@ -33,7 +33,7 @@ RSpec.describe ActivityPub::Activity::Announce do
context 'when sender is followed by a local account' do
before do
Fabricate(:account).follow!(sender)
stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json))
stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json), headers: { 'Content-Type': 'application/activity+json' })
subject.perform
end
@ -118,7 +118,7 @@ RSpec.describe ActivityPub::Activity::Announce do
subject { described_class.new(json, sender, relayed_through_actor: relay_account) }
before do
stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json))
stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json), headers: { 'Content-Type': 'application/activity+json' })
end
context 'and the relay is enabled' do