Merge pull request from GHSA-3fjr-858r-92rw

* Fix insufficient origin validation * Bump version to v3.5.17
2024-02-01 15:56:46 +01:00 · 2024-02-01 15:56:46 +01:00 · b1ed009c65
commit b1ed009c65
parent 35f21191ee
17 changed files with 46 additions and 43 deletions
--- a/app/helpers/jsonld_helper.rb
+++ b/app/helpers/jsonld_helper.rb
@ -157,8 +157,8 @@ module JsonLdHelper
    end
  end

-  def fetch_resource(uri, id, on_behalf_of = nil)
-    unless id
+  def fetch_resource(uri, id_is_known, on_behalf_of = nil)
+    unless id_is_known
      json = fetch_resource_without_id_validation(uri, on_behalf_of)

      return if !json.is_a?(Hash) || unsupported_uri_scheme?(json['id'])