fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array
This commit is contained in:
parent
b74e2e9167
commit
4d925fc086
|
@ -426,6 +426,9 @@ export class ApInboxService {
|
||||||
return 'skip: host in actor.uri !== note.id';
|
return 'skip: host in actor.uri !== note.id';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
return 'skip: note.id is not a string'
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const unlock = await this.appLockService.getApLock(uri);
|
const unlock = await this.appLockService.getApLock(uri);
|
||||||
|
|
Loading…
Reference in New Issue