Fix trying to fetch key from empty URI when verifying HTTP signature (#16100)

remotes/1727458204337373841/tmp_refs/heads/signup-info-prompt
Eugen Rochko 2021-05-01 23:18:59 +02:00 committed by GitHub
parent 422df9d670
commit f627d2eb93
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions

View File

@ -67,7 +67,7 @@ module JsonLdHelper
unless id unless id
json = fetch_resource_without_id_validation(uri, on_behalf_of) json = fetch_resource_without_id_validation(uri, on_behalf_of)
return unless json return if !json.is_a?(Hash) || unsupported_uri_scheme?(json['id'])
uri = json['id'] uri = json['id']
end end

View File

@ -5,6 +5,8 @@ class ActivityPub::FetchRemoteKeyService < BaseService
# Returns account that owns the key # Returns account that owns the key
def call(uri, id: true, prefetched_body: nil) def call(uri, id: true, prefetched_body: nil)
return if uri.blank?
if prefetched_body.nil? if prefetched_body.nil?
if id if id
@json = fetch_resource_without_id_validation(uri) @json = fetch_resource_without_id_validation(uri)