Merge branch 'strip-object-actor' into 'develop'

Strip actor from objects before federating

Closes #3269

See merge request pleroma/pleroma!4105
This commit is contained in:
feld 2024-05-15 20:51:47 +00:00
commit e944b15298
6 changed files with 9 additions and 10 deletions

View file

@ -0,0 +1 @@
Strip actor property from objects before federating

View file

@ -9,6 +9,7 @@ defmodule Pleroma.Constants do
const(object_internal_fields,
do: [
"actor",
"reactions",
"reaction_count",
"likes",

View file

@ -1,10 +1,10 @@
{
"actor": "http://2hu.gensokyo/users/raymoo",
"id": "http://2hu.gensokyo/objects/1",
"actor": "http://mastodon.example.org/users/admin",
"id": "http://mastodon.example.org/objects/1",
"object": {
"attributedTo": "http://2hu.gensokyo/users/raymoo",
"attributedTo": "http://mastodon.example.org/users/admin",
"content": "You expected a cute girl? Too bad. <script>alert('XSS')</script>",
"id": "http://2hu.gensokyo/objects/2",
"id": "http://mastodon.example.org/objects/2",
"published": "2020-02-12T14:08:20Z",
"to": [
"http://2hu.gensokyo/users/marisa"

View file

@ -221,7 +221,6 @@ test "it creates a zip archive with user data" do
"orderedItems" => [
%{
"object" => %{
"actor" => "http://cofe.io/users/cofe",
"content" => "status1",
"type" => "Note"
},
@ -229,7 +228,6 @@ test "it creates a zip archive with user data" do
},
%{
"object" => %{
"actor" => "http://cofe.io/users/cofe",
"content" => "status2"
}
},

View file

@ -116,8 +116,6 @@ test "it fetches the actor if they aren't in our system" do
data =
File.read!("test/fixtures/create-chat-message.json")
|> Jason.decode!()
|> Map.put("actor", "http://mastodon.example.org/users/admin")
|> put_in(["object", "actor"], "http://mastodon.example.org/users/admin")
_recipient = insert(:user, ap_id: List.first(data["to"]), local: true)

View file

@ -169,7 +169,7 @@ test "it inlines private announced objects" do
{:ok, modified} = Transmogrifier.prepare_outgoing(announce_activity.data)
assert modified["object"]["content"] == "hey"
assert modified["object"]["actor"] == modified["object"]["attributedTo"]
assert activity.actor == modified["object"]["attributedTo"]
end
test "it turns mentions into tags" do
@ -220,7 +220,7 @@ test "it sets the 'attributedTo' property to the actor of the object if it doesn
{:ok, activity} = CommonAPI.post(user, %{status: "hey"})
{:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
assert modified["object"]["actor"] == modified["object"]["attributedTo"]
assert activity.actor == modified["object"]["attributedTo"]
end
test "it strips internal hashtag data" do
@ -266,6 +266,7 @@ test "it strips internal fields" do
assert is_nil(modified["object"]["announcements"])
assert is_nil(modified["object"]["announcement_count"])
assert is_nil(modified["object"]["generator"])
assert is_nil(modified["object"]["actor"])
end
test "it strips internal fields of article" do