fix: primitive 6: reject anonymous objects that were fetched by their id
parent
ad8e8793c7
commit
174dfb83d0
@ -121,7 +121,11 @@ export class Resolver {
|
|||||||
// `object.id` or `object.url` matches the URL used to fetch the
|
// `object.id` or `object.url` matches the URL used to fetch the
|
||||||
// object after redirects; here we double-check that no redirects
|
// object after redirects; here we double-check that no redirects
|
||||||
// bounced between hosts
|
// bounced between hosts
|
||||||
if (object.id && (this.utilityService.punyHost(object.id) !== this.utilityService.punyHost(value))) {
|
if (object.id == null) {
|
||||||
|
throw new Error('invalid AP object: missing id');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this.utilityService.punyHost(object.id) !== this.utilityService.punyHost(value)) {
|
||||||
throw new Error(`invalid AP object ${value}: id ${object.id} has different host`);
|
throw new Error(`invalid AP object ${value}: id ${object.id} has different host`);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
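Review bot: The new `object.id == null` guard rejects only null and undefined, so an `id` that is present but not a string (an empty string, an array, a nested object) still reaches `this.utilityService.punyHost(object.id)`. punyHost is not visible in this hunk, so how it treats such a value is an assumption to confirm, but the host comparison is the check this fix relies on and it should only ever see a non-empty string; consider `if (typeof object.id !== 'string' || object.id === '') {` for the guard. The new message also drops the fetched URL that the neighbouring error includes; `` throw new Error(`invalid AP object ${value}: missing id`); `` would keep the two consistent and make rejected fetches easier to trace in logs. The enclosing method starts and ends outside the hunk.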