Oneric 940792f8ba Refetch on AP ID mismatch ... As hinted at in the commit message when strict checking was added in 8684964c5d, refetching is more robust than display URL comparison but in exchange is harder to implement correctly. A similar refetch approach is also employed by e.g. Mastodon, IceShrimp and FireFish. To make sure no checks can be bypassed by forcing a refetch, id checking is placed at the very end. This will fix: - Peertube display URL arrays our transmogrifier fails to normalise - non-canonical display URLs from alternative frontends (theoretical; we didnt’t get any actual reports about this) It will also be helpful in the planned key handling overhaul. The modified user collision test was introduced in https://git.pleroma.social/pleroma/pleroma/-/merge_requests/461 and unfortunately the issues this fixes aren’t public. Afaict it was just meant to guard against someone serving faked data belonging to an unrelated domain. Since we now refetch and the id actually is mocked, lookup now succeeds but will use the real data from the authorative server making it unproblematic. Instead modify the fake data further and make sure we don’t end up using the spoofed version.		2024-10-14 01:42:43 +02:00
..
mix	mix: consistently use shell_info and shell_error	2024-05-31 17:17:42 +02:00
phoenix/transports/web_socket	Migrate to phoenix 1.7 (#626)	2023-08-15 10:22:18 +00:00
pleroma	Refetch on AP ID mismatch	2024-10-14 01:42:43 +02:00