Oneric
baaeffdebc
Turns out we already had a test for activities spoofed via upload due to an exploit several years. Back then *oma did not verify content-type at all and doing so was the only adopted countermeasure. Even the added test sample though suffered from a mismatching id, yet nobody seems to have thought it a good idea to tighten id checks, huh Since we will add stricter id checks later, make id and URL match and also add a testcase for no content type at all. The new section will be expanded in subsequent commits. |
||
---|---|---|
.. | ||
config | ||
credo/check/consistency | ||
fixtures | ||
instance_static | ||
mix | ||
pleroma | ||
support | ||
test_helper.exs |