]> cat aescling's git repositories - mastodon.git/commit
Improve shared status verification (#2525)
authorEugen Rochko <eugen@zeonfederated.com>
Thu, 27 Apr 2017 15:06:47 +0000 (17:06 +0200)
committerGitHub <noreply@github.com>
Thu, 27 Apr 2017 15:06:47 +0000 (17:06 +0200)
commit2af4f3c4e22ab9a28a7fca49bee0ee2ed6256f27
tree073f68695a0da1ee7dcf2f909a449b60286ad3f4
parentb8e7eee8372f927a5a3b51e95db3707d34c4ac4b
Improve shared status verification (#2525)

* Instead of parsing shared status contents verbatim, make roundtrip
to purported original URL. Confirm that the "original" URL is from the
same domain as the author it claims to be from.

* Fix obvious typo, add comment

* Use URI look-up first

* Add test, update Goldfinger dependency to make less useless HTTP requests per Webfinger lookup
Gemfile.lock
app/services/fetch_remote_status_service.rb
app/services/process_feed_service.rb
spec/services/follow_remote_account_service_spec.rb
spec/services/process_feed_service_spec.rb