Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update should do origin checking #30

Open
julianlam opened this issue Jan 30, 2024 · 1 comment
Open

Update should do origin checking #30

julianlam opened this issue Jan 30, 2024 · 1 comment
Labels
protocol-level A test that requires a Node that can craft / inspect in detail protocol-level data

Comments

@julianlam
Copy link

Extending on #19:

7.3
The receiving server MUST take care to be sure that the Update is authorized to modify its object. At minimum, this may be done by ensuring that the Update and its object are of same origin.

  1. Deliver a Create(Note)
  2. Deliver an Update(Note) from a different origin
  3. Retrieval of said note should reflect an unchanged object
  4. The Update request should fail with a 4xx error.
@jernst jernst transferred this issue from fediverse-devnet/feditest Mar 11, 2024
@snarfed
Copy link
Member

snarfed commented Mar 20, 2024

Background: https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization

@snarfed snarfed mentioned this issue Mar 20, 2024
Open
@snarfed snarfed mentioned this issue Sep 24, 2024
Open
@jernst jernst added the protocol-level A test that requires a Node that can craft / inspect in detail protocol-level data label Sep 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
protocol-level A test that requires a Node that can craft / inspect in detail protocol-level data
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@snarfed @jernst @julianlam