Oneric
baaeffdebc
Turns out we already had a test for activities spoofed via upload due to an exploit several years. Back then *oma did not verify content-type at all and doing so was the only adopted countermeasure. Even the added test sample though suffered from a mismatching id, yet nobody seems to have thought it a good idea to tighten id checks, huh Since we will add stricter id checks later, make id and URL match and also add a testcase for no content type at all. The new section will be expanded in subsequent commits. |
||
---|---|---|
.. | ||
containment_test.exs | ||
fetcher_test.exs | ||
pruner_test.exs | ||
updater_test.exs |