mastodon/app/services/activitypub/fetch_remote_account_service.rb
Claire 1726085db5
Merge pull request from GHSA-3fjr-858r-92rw
* Fix insufficient origin validation

* Bump version to 4.3.0-alpha.1
2024-02-01 15:56:46 +01:00

12 lines
578 B
Ruby

# frozen_string_literal: true
class ActivityPub::FetchRemoteAccountService < ActivityPub::FetchRemoteActorService
# Does a WebFinger roundtrip on each call, unless `only_key` is true
def call(uri, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true, request_id: nil)
actor = super
return actor if actor.nil? || actor.is_a?(Account)
Rails.logger.debug { "Fetching account #{uri} failed: Expected Account, got #{actor.class.name}" }
raise Error, "Expected Account, got #{actor.class.name}" unless suppress_errors
end
end