Prevent bypassing authorized fetch mode with a json file

author: Sean King <seanking2919@protonmail.com> 2023-06-21 23:10:56 -0600
committer: Sean King <seanking2919@protonmail.com> 2023-06-21 23:10:56 -0600
commit: a5a354a36e144c19ce3f9e79cb898227fc7ef723 (patch)
tree: ac67341c04cd7ba6fdde758566d5409ee8865654 /lib
parent: 589301ce0655c5a31d037f27fc1767e6dffb5381 (diff)
download: pleroma-a5a354a36e144c19ce3f9e79cb898227fc7ef723.tar.gz
pleroma-a5a354a36e144c19ce3f9e79cb898227fc7ef723.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/pleroma/web/plugs/http_signature_plug.ex b/lib/pleroma/web/plugs/http_signature_plug.ex
index 4bf325218..e814efc2c 100644
--- a/lib/pleroma/web/plugs/http_signature_plug.ex
+++ b/lib/pleroma/web/plugs/http_signature_plug.ex
@@ -16,7 +16,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   end
 
   def call(conn, _opts) do
-    if get_format(conn) == "activity+json" do
+    if get_format(conn) in ["json", "activity+json"] do
       conn
       |> maybe_assign_valid_signature()
       |> maybe_require_signature()
author	Sean King <seanking2919@protonmail.com>	2023-06-21 23:10:56 -0600
committer	Sean King <seanking2919@protonmail.com>	2023-06-21 23:10:56 -0600
commit	a5a354a36e144c19ce3f9e79cb898227fc7ef723 (patch)
tree	ac67341c04cd7ba6fdde758566d5409ee8865654 /lib
parent	589301ce0655c5a31d037f27fc1767e6dffb5381 (diff)
download	pleroma-a5a354a36e144c19ce3f9e79cb898227fc7ef723.tar.gz pleroma-a5a354a36e144c19ce3f9e79cb898227fc7ef723.zip