From c9df2fd060f5f35e065cb7895d6ef968f2defe1c Mon Sep 17 00:00:00 2001 From: Johann150 Date: Sun, 28 May 2023 23:24:39 +0200 Subject: [PATCH] validate that note attributed to is not local --- packages/backend/src/remote/activitypub/models/note.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packages/backend/src/remote/activitypub/models/note.ts b/packages/backend/src/remote/activitypub/models/note.ts index acda4566e..e630eb715 100644 --- a/packages/backend/src/remote/activitypub/models/note.ts +++ b/packages/backend/src/remote/activitypub/models/note.ts @@ -52,6 +52,9 @@ export function validateNote(object: IObject): Error | null { if (attributedToHost !== expectHost) { return new Error(`invalid Note: attributedTo has different host. expected: ${expectHost}, actual: ${attributedToHost}`); } + if (attributedToHost === config.hostname) { + return new Error('invalid Note: by local author'); + } return null; }