fix: primitive 6: reject anonymous objects that were fetched by their id

This commit is contained in:
Laura Hausmann 2024-10-24 04:28:43 +02:00 committed by Julia Johannesen
parent ad8e8793c7
commit 174dfb83d0
No known key found for this signature in database
GPG Key ID: 4A1377AF3E7FBC46
1 changed files with 5 additions and 1 deletions

View File

@ -121,7 +121,11 @@ export class Resolver {
// `object.id` or `object.url` matches the URL used to fetch the
// object after redirects; here we double-check that no redirects
// bounced between hosts
if (object.id && (this.utilityService.punyHost(object.id) !== this.utilityService.punyHost(value))) {
if (object.id == null) {
throw new Error('invalid AP object: missing id');
}
if (this.utilityService.punyHost(object.id) !== this.utilityService.punyHost(value)) {
throw new Error(`invalid AP object ${value}: id ${object.id} has different host`);
}