akkoma/lib/pleroma/web/activity_pub
Oneric d6d838cbe8 StealEmoji: check remote size before downloading
To save on bandwidth and avoid OOMs with large files.
Ofc, this relies on the remote server
 (a) sending a content-length header and
 (b) being honest about the size.

Common fedi servers seem to provide the header and (b) at least raises
the required privilege of a malicious actor to a server infrastructure
admin of an explicitly allowed host.

A more complete defense which still works when faced with
a malicious server requires changes in upstream Finch;
see https://github.com/sneako/finch/issues/224
2024-03-18 22:33:10 -01:00
..
activity_pub Remove deps from Streaming/Persisting behaviors 2021-06-01 13:55:07 -05:00
mrf StealEmoji: check remote size before downloading 2024-03-18 22:33:10 -01:00
object_validator Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
object_validators Support elixir1.15 2023-08-03 17:44:09 +01:00
side_effects Refactor ES on top of search behaviour 2022-06-30 16:28:31 +01:00
views Federate user profile background 2024-02-16 16:35:51 +01:00
activity_pub.ex Federate user profile background 2024-02-16 16:35:51 +01:00
activity_pub_controller.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
builder.ex Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
internal_fetch_actor.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
mrf.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
object_validator.ex Post editing (#202) 2022-09-06 19:24:02 +00:00
pipeline.ex Refactor ES on top of search behaviour 2022-06-30 16:28:31 +01:00
publisher.ex MIX FORMAT 2023-08-15 23:26:22 +01:00
relay.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
side_effects.ex Add ability to auto-approve followbacks 2024-02-13 15:42:37 +01:00
transmogrifier.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
utils.ex Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
visibility.ex local-only-fixed (#138) 2022-08-02 14:46:46 +00:00