limepotato/jormungandr-bite
1
0
Fork 0
mirror of https://iceshrimp.dev/limepotato/jormungandr-bite.git synced 2024-11-22 09:57:29 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

[backend] Improved http signature verification checks

Browse source 
This fixes an edge case where federation with split domain instances could fail.
This commit is contained in:
Laura Hausmann 2023-10-21 22:39:03 +02:00
parent 1f53affd76
commit 04fa6bef15
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
packages/backend/src/remote/activitypub/check-fetch.ts
View file

@ -81,8 +81,13 @@ export async function checkFetch(req: IncomingMessage): Promise<number> {
return 403; return 403;
} }
// もう一回チェック // Cannot authenticate against local user
if (authUser.user.host !== host) { if (authUser.user.uri === null || authUser.user.host === null) {
return 400;
}
// Check if keyId hostname matches actor hostname
if (toPuny(new URL(authUser.user.uri).hostname) !== host) {
return 403; return 403;
} }