bgme/mastodon
1
0
Fork 0
mirror of https://github.com/yingziwu/mastodon.git synced 2026-02-04 03:25:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

Merge commit from fork

Browse source 
* Add limit on inbox payload size

The 1MB limit is consistent with the limit we use when fetching remote resources

* Add limit to number of options from federated polls

* Add a limit to the number of federated profile fields

* Add limit on federated username length

* Add hard limits for federated display name and account bio

* Add hard limits for `alsoKnownAs` and `attributionDomains`

* Add hard limit on federated custom emoji shortcode

* Highlight most destructive limits and expand on their reasoning
This commit is contained in:
Claire 2026-01-20 15:14:45 +01:00 committed by GitHub
parent 9a25b12f0c
commit 1a74b74a40
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 51 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/controllers/activitypub/inboxes_controller.rb
View file

@ -3,6 +3,7 @@
class ActivityPub::InboxesController < ActivityPub::BaseController
include JsonLdHelper
before_action :skip_large_payload
before_action :skip_unknown_actor_activity
before_action :require_actor_signature!
skip_before_action :authenticate_user!
@ -16,6 +17,10 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
private
def skip_large_payload
head 413 if request.content_length > ActivityPub::Activity::MAX_JSON_SIZE
end
def skip_unknown_actor_activity
head 202 if unknown_affected_account?
end