Anon/pleroma
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Prevent bypassing authorized fetch mode with a json file

Browse Source
This commit is contained in:
Sean King 2023-06-21 23:10:56 -06:00
parent 589301ce06
commit a5a354a36e
No known key found for this signature in database
GPG Key ID: 510C52BACD6E7257
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/pleroma/web/plugs/http_signature_plug.ex
View File

@ -16,7 +16,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
end
def call(conn, _opts) do
if get_format(conn) == "activity+json" do
if get_format(conn) in ["json", "activity+json"] do
conn
|> maybe_assign_valid_signature()
|> maybe_require_signature()