@silverpill @tesaguri checking content-type doesn't actually solve the issue either, because a web server may be configured to serve the "correct" type for user uploaded documents. the real mistake is
> FetchRemoteStatusService#trustworthy_attribution? trusts the attributedTo property of a fetched object as long as the domain of the attributed actor is the same as the original request URI.
attribution is only trustworthy within a trust framework that allows entities to validate existing claims
@silverpill @tesaguri i.e. if org.example/~alice/foo claims to be attributed to org.example/~bob, we don't know a priori if this is true or false. ~bob needs to be able to make a claim for ~alice/foo as well.
ironically, mastodon came up with a relatively more sound solution for fediverse:creator than it uses for attributedTo. their attributionDomains property at least establishes trust for a domain explicitly. (it would be nice to have more granularity though! maybe attributionPrefixes?)
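
An added illustration of the contrast discussed in this thread (not Mastodon's code and not written by any of the posters): the same-host check from the quoted description next to a two-way check in which the actor's own document must claim the object's URI. The `attributionPrefixes` property is the hypothetical one floated above, and the `ACTORS` hash is a constructed stand-in for fetching the actor document from its own id.

```ruby
require 'uri'

# Constructed sample data. org.example, ~alice and ~bob come from the thread;
# the rest is made up. ACTORS stands in for dereferencing the actor's id.
ACTORS = {
  'https://org.example/~bob' => {
    'id' => 'https://org.example/~bob',
    # Hypothetical property (the thread's "attributionPrefixes" idea).
    'attributionPrefixes' => ['https://org.example/~bob/']
  }
}.freeze

FORGED  = { 'id' => 'https://org.example/~alice/foo',
            'attributedTo' => 'https://org.example/~bob' }.freeze
GENUINE = { 'id' => 'https://org.example/~bob/notes/1',
            'attributedTo' => 'https://org.example/~bob' }.freeze

# One-way check as quoted in the thread: matching hosts are treated as proof.
def same_host_attribution?(object)
  URI(object['id']).host == URI(object['attributedTo']).host
end

# True only if `prefix` and `uri` share an origin and `uri` sits under the
# prefix path on a whole-segment boundary.
def prefix_covers?(prefix, uri)
  p = URI(prefix)
  u = URI(uri)
  return false unless [p.scheme, p.host, p.port] == [u.scheme, u.host, u.port]
  return false unless p.path.end_with?('/')
  return false if u.path.split('/').include?('..')
  u.path.start_with?(p.path)
rescue URI::InvalidURIError
  false
end

# Two-way check: the object names the actor AND the actor's own document
# claims the URI space the object lives in.
def claimed_attribution?(object, actors)
  actor = actors[object['attributedTo']]
  return false if actor.nil? || actor['id'] != object['attributedTo']
  Array(actor['attributionPrefixes']).any? { |pre| prefix_covers?(pre, object['id']) }
end

puts same_host_attribution?(FORGED)        # one-way check accepts ~alice/foo
puts claimed_attribution?(FORGED, ACTORS)  # ~bob never claimed ~alice/
puts claimed_attribution?(GENUINE, ACTORS) # ~bob claims his own prefix
```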