From a5a354a36e144c19ce3f9e79cb898227fc7ef723 Mon Sep 17 00:00:00 2001
From: Sean King
Date: Wed, 21 Jun 2023 23:10:56 -0600
Subject: [PATCH 1/2] Prevent bypassing authorized fetch mode with a json file

---
 lib/pleroma/web/plugs/http_signature_plug.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/pleroma/web/plugs/http_signature_plug.ex b/lib/pleroma/web/plugs/http_signature_plug.ex
index 4bf325218..e814efc2c 100644
--- a/lib/pleroma/web/plugs/http_signature_plug.ex
+++ b/lib/pleroma/web/plugs/http_signature_plug.ex
@@ -16,7 +16,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   end
 
   def call(conn, _opts) do
-    if get_format(conn) == "activity+json" do
+    if get_format(conn) in ["json", "activity+json"] do
       conn
       |> maybe_assign_valid_signature()
       |> maybe_require_signature()

From 994bfc4c095fae07cd1c61b0f91c80ec60080138 Mon Sep 17 00:00:00 2001
From: Sean King
Date: Wed, 21 Jun 2023 23:13:16 -0600
Subject: [PATCH 2/2] Add changelog entry

---
 changelog.d/prevent-bypassing-authorized-fetch-mode.fix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/prevent-bypassing-authorized-fetch-mode.fix

diff --git a/changelog.d/prevent-bypassing-authorized-fetch-mode.fix b/changelog.d/prevent-bypassing-authorized-fetch-mode.fix
new file mode 100644
index 000000000..12f7260d7
--- /dev/null
+++ b/changelog.d/prevent-bypassing-authorized-fetch-mode.fix
@@ -0,0 +1 @@
+Prevent using the .json format to bypass authorized fetch mode
\ No newline at end of file
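Review bot: The new condition closes the `.json` bypass by widening a format allow-list, but the plug's coverage is still defined by format names rather than by which responses actually carry ActivityPub data, so any further format that is served the same representation would presumably slip past the signature check in exactly the same way; at minimum the reason for the second entry should be recorded next to the literal, e.g. `# ".json" negotiates the same ActivityPub representation as "activity+json", so it must be gated too`. Naming the list would also make the intent explicit: `@signed_formats ["json", "activity+json"]` at module level and `if get_format(conn) in @signed_formats do` here. A regression test in the plug's test module, asserting that an unsigned `.json` request is rejected while authorized fetch mode is enabled, would keep this from silently reverting. The `else` branch of `call/2` continues outside the hunk.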