Fix link verifications when page size exceeds 1MB (#29358)

main-rebase-security-fix
Claire 2024-02-22 18:31:50 +01:00 committed by GitHub
parent a9496882fc
commit 5152dd869e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 15 additions and 14 deletions

View File

@ -19,7 +19,7 @@ class VerifyLinkService < BaseService
def perform_request!
@body = Request.new(:get, @url).add_headers('Accept' => 'text/html').perform do |res|
res.code == 200 ? res.body_with_limit : nil
res.code == 200 ? res.truncated_body : nil
end
end

View File

@ -76,6 +76,20 @@ RSpec.describe VerifyLinkService, type: :service do
end
context 'when a document is truncated but the link back is valid' do
let(:html) do
"
<!doctype html>
<body>
<a rel=\"me\" href=\"#{ActivityPub::TagManager.instance.url_for(account)}\">
"
end
it 'marks the field as verified' do
expect(field.verified?).to be true
end
end
context 'when a link tag might be truncated' do
let(:html) do
"
<!doctype html>
@ -89,19 +103,6 @@ RSpec.describe VerifyLinkService, type: :service do
end
end
context 'when a link back might be truncated' do
let(:html) do
"
<!doctype html>
<body>
<a rel=\"me\" href=\"#{ActivityPub::TagManager.instance.url_for(account)}"
end
it 'does not mark the field as verified' do
expect(field.verified?).to be false
end
end
context 'when a link does not contain a link back' do
let(:html) { '' }