mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2024-12-23 08:36:29 +00:00
Merge branch 'fix/bypass-authorized-fetch-mode-json' into 'develop'
Prevent using a .json format to bypass authorized fetch mode See merge request pleroma/pleroma!3908
This commit is contained in:
commit
4367579949
2 changed files with 2 additions and 1 deletions
1
changelog.d/prevent-bypassing-authorized-fetch-mode.fix
Normal file
1
changelog.d/prevent-bypassing-authorized-fetch-mode.fix
Normal file
|
@ -0,0 +1 @@
|
|||
Prevent using the .json format to bypass authorized fetch mode
|
|
@ -16,7 +16,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
|
|||
end
|
||||
|
||||
def call(conn, _opts) do
|
||||
if get_format(conn) == "activity+json" do
|
||||
if get_format(conn) in ["json", "activity+json"] do
|
||||
conn
|
||||
|> maybe_assign_valid_signature()
|
||||
|> maybe_require_signature()
|
||||
|
|
Loading…
Reference in a new issue