Merge branch 'fix/bypass-authorized-fetch-mode-json' into 'develop'

Prevent using a .json format to bypass authorized fetch mode See merge request pleroma/pleroma!3908
author: Haelwenn <contact+git.pleroma.social@hacktivis.me> 2023-06-22 10:35:56 +0000
committer: Haelwenn <contact+git.pleroma.social@hacktivis.me> 2023-06-22 10:35:56 +0000
commit: 436757994944b142ba9716432bcac54b83fc1fef (patch)
tree: 68fef33de9f83cd0a9a0e86635e101ff9f003853 /lib
parent: 589301ce0655c5a31d037f27fc1767e6dffb5381 (diff)
parent: 994bfc4c095fae07cd1c61b0f91c80ec60080138 (diff)
download: pleroma-436757994944b142ba9716432bcac54b83fc1fef.tar.gz
pleroma-436757994944b142ba9716432bcac54b83fc1fef.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/pleroma/web/plugs/http_signature_plug.ex b/lib/pleroma/web/plugs/http_signature_plug.ex
index 4bf325218..e814efc2c 100644
--- a/lib/pleroma/web/plugs/http_signature_plug.ex
+++ b/lib/pleroma/web/plugs/http_signature_plug.ex
@@ -16,7 +16,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   end
 
   def call(conn, _opts) do
-    if get_format(conn) == "activity+json" do
+    if get_format(conn) in ["json", "activity+json"] do
       conn
       |> maybe_assign_valid_signature()
       |> maybe_require_signature()
author	Haelwenn <contact+git.pleroma.social@hacktivis.me>	2023-06-22 10:35:56 +0000
committer	Haelwenn <contact+git.pleroma.social@hacktivis.me>	2023-06-22 10:35:56 +0000
commit	436757994944b142ba9716432bcac54b83fc1fef (patch)
tree	68fef33de9f83cd0a9a0e86635e101ff9f003853 /lib
parent	589301ce0655c5a31d037f27fc1767e6dffb5381 (diff)
parent	994bfc4c095fae07cd1c61b0f91c80ec60080138 (diff)
download	pleroma-436757994944b142ba9716432bcac54b83fc1fef.tar.gz pleroma-436757994944b142ba9716432bcac54b83fc1fef.zip