pleroma

History

rinpatch 6ca709816f Fix object spoofing vulnerability in attachments Validate the content-type of the response when fetching an object, according to https://www.w3.org/TR/activitypub/#x3-2-retrieving-objects. content-type headers had to be added to many mocks in order to support this, some of this was done with a regex. While I did go over the resulting files to check I didn't modify anything unrelated, there is a possibility I missed something. Closes pleroma#1948	2020-11-12 15:25:33 +03:00
..
containment_test.exs	tests consistency	2020-10-13 16:35:09 +03:00
fetcher_test.exs	Fix object spoofing vulnerability in attachments	2020-11-12 15:25:33 +03:00

rinpatch 6ca709816f Fix object spoofing vulnerability in attachments

Validate the content-type of the response when fetching an object,
according to https://www.w3.org/TR/activitypub/#x3-2-retrieving-objects.

content-type headers had to be added to many mocks in order to support
this, some of this was done with a regex. While I did go over the
resulting files to check I didn't modify anything unrelated, there is a
 possibility I missed something.

Closes pleroma#1948

2020-11-12 15:25:33 +03:00

containment_test.exs

tests consistency

2020-10-13 16:35:09 +03:00

fetcher_test.exs

Fix object spoofing vulnerability in attachments

2020-11-12 15:25:33 +03:00