commit: 436757994944b142ba9716432bcac54b83fc1fef
parent 589301ce0655c5a31d037f27fc1767e6dffb5381
Author: Haelwenn <contact+git.pleroma.social@hacktivis.me>
Date: Thu, 22 Jun 2023 10:35:56 +0000
Merge branch 'fix/bypass-authorized-fetch-mode-json' into 'develop'
Prevent using a .json format to bypass authorized fetch mode
See merge request pleroma/pleroma!3908
Diffstat:
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/changelog.d/prevent-bypassing-authorized-fetch-mode.fix b/changelog.d/prevent-bypassing-authorized-fetch-mode.fix
@@ -0,0 +1 @@
+Prevent using the .json format to bypass authorized fetch mode
+\ No newline at end of file
diff --git a/lib/pleroma/web/plugs/http_signature_plug.ex b/lib/pleroma/web/plugs/http_signature_plug.ex
@@ -16,7 +16,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
end
def call(conn, _opts) do
- if get_format(conn) == "activity+json" do
+ if get_format(conn) in ["json", "activity+json"] do
conn
|> maybe_assign_valid_signature()
|> maybe_require_signature()
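Review bot: The condition in `call/2` still selects requests for signature checks by enumerating formats, so any other format that can reach the same ActivityPub responses would presumably skip `maybe_require_signature()` the way `json` did before this change. The list deserves a why-comment above the `if`, e.g. `# every format that can render ActivityPub objects must be listed here; an unlisted one is not subject to authorized fetch mode`. The diffstat covers only the changelog entry and this plug, so nothing pins the fix. A plug test would guard against regression: send an unsigned request with the `json` format while authorized fetch mode is enabled and assert that it is rejected. The body of `call/2` continues outside the hunk, so the non-matching branch is not visible here.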