Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dereference object URIs in Create and Update messages #14359

Merged
merged 2 commits into from
Jul 22, 2020
Merged

Dereference object URIs in Create and Update messages #14359

merged 2 commits into from
Jul 22, 2020

Conversation

ClearlyClaire
Copy link
Contributor

@ClearlyClaire ClearlyClaire commented Jul 19, 2020
edited
Loading

Fixes #14353

This is directly a commit cherry-picked from Monsterpit, as I figured it should be enough.

To my understanding, their scheme does not provide any benefit right now, but it provides an opportunity for the sending server to check the receiving actor's key has not changed and is still controlled by that person, among other things: https://the.monsterpit.net/@firedemon/104541374145521914

I am not sure this is a trade-off that makes sense to Mastodon itself, as that's an added round-trip for each Create/Update activity, but supporting Create and Update activities which object is not inlined is probably fine, and falls within the AP spec.

The code does duplicate a few bits from the ActivityPub resource fetching code, so maybe it could be refactored a bit, but otherwise it seems fine to me.

@ClearlyClaire
Dereference object URIs in Create and Update messages
7eaedfe 
Fixes mastodon#14353

Signed-off-by: Thibaut Girka <thib@sitedethib.com>
Gargron
Gargron approved these changes Jul 22, 2020
View reviewed changes
Copy link
Member

@Gargron Gargron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code is a little messy but correct

@Gargron Gargron merged commit bcf85b5 into mastodon:master Jul 22, 2020
ClearlyClaire added a commit to ClearlyClaire/mastodon that referenced this pull request Aug 24, 2020
@ClearlyClaire
Fix dereferencing remote statuses not using the correct account
f02edeb 
Follow-up to mastodon#14359

In the case of limited toots, the receiver may not be explicitly part of the
audience. If a specific user's inbox URI was specified, it makes sense to
dereference the toot from the corresponding user, instead of trying to find
someone in the explicit audience.
@ClearlyClaire ClearlyClaire mentioned this pull request Aug 24, 2020
Merged
Gargron pushed a commit that referenced this pull request Aug 24, 2020
@ClearlyClaire
Fix dereferencing remote statuses not using the correct account (#14656)
92319d7 
Follow-up to #14359

In the case of limited toots, the receiver may not be explicitly part of the
audience. If a specific user's inbox URI was specified, it makes sense to
dereference the toot from the corresponding user, instead of trying to find
someone in the explicit audience.
thenameisnigel-old pushed a commit to ChatterlyOSE/Chatterly that referenced this pull request Sep 6, 2020
@ClearlyClaire @thenameisnigel-old
Fix dereferencing remote statuses not using the correct account (mast…
6e24d96 
…odon#14656)

Follow-up to mastodon#14359

In the case of limited toots, the receiver may not be explicitly part of the
audience. If a specific user's inbox URI was specified, it makes sense to
dereference the toot from the corresponding user, instead of trying to find
someone in the explicit audience.
thenameisnigel-old pushed a commit to ChatterlyOSE/Chatterly that referenced this pull request Sep 7, 2020
@ClearlyClaire @thenameisnigel-old
Fix dereferencing remote statuses not using the correct account (mast…
6035131 
…odon#14656)

Follow-up to mastodon#14359

In the case of limited toots, the receiver may not be explicitly part of the
audience. If a specific user's inbox URI was specified, it makes sense to
dereference the toot from the corresponding user, instead of trying to find
someone in the explicit audience.
Gargron pushed a commit that referenced this pull request Oct 19, 2020
@ClearlyClaire @Gargron
Fix dereferencing remote statuses not using the correct account (#14656)
aa98655 
Follow-up to #14359

In the case of limited toots, the receiver may not be explicitly part of the
audience. If a specific user's inbox URI was specified, it makes sense to
dereference the toot from the corresponding user, instead of trying to find
someone in the explicit audience.
shouo1987 pushed a commit to CrossGate-Pawoo/mastodon that referenced this pull request Dec 7, 2022
@ClearlyClaire
Dereference object URIs in Create and Update messages (mastodon#14359)
4b94e85 
* Dereference object URIs in Create and Update messages

Fixes mastodon#14353

Signed-off-by: Thibaut Girka <thib@sitedethib.com>

* Refactor, and perform origin check *before* attempting to fetch object

Co-authored-by: Fire Demon <firedemon@creature.cafe>
shouo1987 pushed a commit to CrossGate-Pawoo/mastodon that referenced this pull request Dec 7, 2022
@ClearlyClaire
Fix dereferencing remote statuses not using the correct account (mast…
9395182 
…odon#14656)

Follow-up to mastodon#14359

In the case of limited toots, the receiver may not be explicitly part of the
audience. If a specific user's inbox URI was specified, it makes sense to
dereference the toot from the corresponding user, instead of trying to find
someone in the explicit audience.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Gargron Gargron Gargron approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

support for monsterpit's new federation method?
2 participants
@ClearlyClaire @Gargron