Leatherface/mastodon
1
0
Fork 0
mirror of https://github.com/glitch-soc/mastodon.git synced 2025-12-13 15:58:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request from GHSA-jhrq-qvrm-qr36

Browse Source 
* Fix insufficient Content-Type checking of fetched ActivityStreams objects

* Allow JSON-LD documents with multiple profiles
This commit is contained in:
Claire
2024-02-16 11:56:12 +01:00
committed by GitHub
parent a8ee6fdd62
commit 9fee5e8526
12 changed files with 57 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/services/fetch_resource_service.rb
View File

@@ -44,7 +44,7 @@ class FetchResourceService < BaseService
@response_code = response.code
return nil if response.code != 200
if ['application/activity+json', 'application/ld+json'].include?(response.mime_type)
if valid_activitypub_content_type?(response)
body = response.body_with_limit
json = body_to_json(body)