fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array
This commit is contained in:
parent
b74e2e9167
commit
4d925fc086
|
@ -426,6 +426,9 @@ export class ApInboxService {
|
|||
return 'skip: host in actor.uri !== note.id';
|
||||
}
|
||||
}
|
||||
else {
|
||||
return 'skip: note.id is not a string'
|
||||
}
|
||||
}
|
||||
|
||||
const unlock = await this.appLockService.getApLock(uri);
|
||||
|
|
Loading…
Reference in New Issue