Merge branch 'fix/bypass-authorized-fetch-mode-json' into 'develop'

Prevent using a .json format to bypass authorized fetch mode

See merge request pleroma/pleroma!3908
This commit is contained in:
Haelwenn 2023-06-22 10:35:56 +00:00
commit 4367579949
2 changed files with 2 additions and 1 deletions

View File

@ -0,0 +1 @@
Prevent using the .json format to bypass authorized fetch mode

View File

@ -16,7 +16,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
end end
def call(conn, _opts) do def call(conn, _opts) do
if get_format(conn) == "activity+json" do if get_format(conn) in ["json", "activity+json"] do
conn conn
|> maybe_assign_valid_signature() |> maybe_assign_valid_signature()
|> maybe_require_signature() |> maybe_require_signature()