sjw
/
pleroma
mirror of https://git.pleroma.social/sjw/pleroma.git
1
0
Fork 0
Code Issues Releases Wiki Activity
12,481 Commits 136 Branches 24 Tags 254 MiB
Commit Graph

4 Commits

Author SHA1 Message Date
Mark Felder 3283d0805f Use Jason instead of Poison in tests 2020-11-23 13:28:55 -06:00
rinpatch 6ca709816f Fix object spoofing vulnerability in attachments 
Validate the content-type of the response when fetching an object,
according to https://www.w3.org/TR/activitypub/#x3-2-retrieving-objects.

content-type headers had to be added to many mocks in order to support
this, some of this was done with a regex. While I did go over the
resulting files to check I didn't modify anything unrelated, there is a
 possibility I missed something.

Closes pleroma#1948
 2020-11-12 15:25:33 +03:00
Mark Felder 966663c3f8 Fix tests for other attachment types 2020-11-11 16:17:35 -06:00
Alexander Strizhakov f679486540
rebase 2020-10-13 16:44:02 +03:00