kopia lustrzana https://github.com/snarfed/bridgy-fed
404 requests for root paths that aren't user domains
lots of these are fediverse tools sniffing for specific implementations, eg mastodon etc. /siteinfo.json, /status.php, etc.thib
rodzic
9784686b1c
commit
9eae3087fd
|
@ -71,6 +71,10 @@ class ActorHandler(common.Handler):
|
|||
|
||||
@cache_response(CACHE_TIME)
|
||||
def get(self, domain):
|
||||
tld = domain.split('.')[-1]
|
||||
if tld in common.TLD_BLOCKLIST:
|
||||
self.error('', status=404)
|
||||
|
||||
mf2 = util.fetch_mf2('http://%s/' % domain, gateway=True,
|
||||
headers=common.HEADERS)
|
||||
# logging.info('Parsed mf2 for %s: %s', resp.url, json_dumps(mf2, indent=2))
|
||||
|
|
|
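Review bot: The extension check in `get` compares the last label case-sensitively, so a request such as `/FOO.PHP`, or a name with a trailing dot, would skip the blocklist and still reach `util.fetch_mf2`; normalising first, `tld = domain.rstrip('.').rsplit('.', 1)[-1].lower()`, closes that. The check also relies on `self.error(...)` aborting the request, which is not visible here; if it only sets the status, a `return` is needed after it. Separately, the blocklist only cuts noise: `domain` comes from the request path and is fetched as `http://<domain>/`, and nothing in this hunk rejects IP literals or internal hostnames before the fetch, so it is worth confirming that happens elsewhere. The body of `get` continues past the end of the hunk.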
@ -17,6 +17,8 @@ from models import Response
|
|||
|
||||
DOMAIN_RE = r'([^/:]+\.[^/:]+)'
|
||||
ACCT_RE = r'(?:acct:)?([^@]+)@' + DOMAIN_RE
|
||||
TLD_BLOCKLIST = ('asp', 'aspx', 'gif', 'html', 'ico', 'jpg', 'jpeg', 'js',
|
||||
'json', 'php', 'png', 'txt', 'yaml', 'yml')
|
||||
HEADERS = {
|
||||
'User-Agent': 'Bridgy Fed (https://fed.brid.gy/)',
|
||||
}
|
||||
|
|
|
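Review bot: `TLD_BLOCKLIST` needs a comment saying what it holds, because the entries are file extensions that appear as the last label of probed root paths, not TLDs. Suggested: `# File extensions requested at root paths by scanners; lowercase, and never a delegated TLD, or real user domains would get a 404.` The last clause matters for future additions, since some common extensions (eg `py`, `sh`, `zip`) are also real TLDs.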
@ -194,6 +194,10 @@ class ActivityPubTest(testutil.TestCase):
|
|||
self.assertEqual(400, got.status_int)
|
||||
self.assertIn('representative h-card', got.body.decode())
|
||||
|
||||
def test_actor_blocked_tld(self, _, __, ___):
|
||||
got = application.get_response('/foo.json')
|
||||
self.assertEqual(404, got.status_int)
|
||||
|
||||
def test_inbox_reply_object(self, *mocks):
|
||||
self._test_inbox_reply(REPLY_OBJECT, REPLY_OBJECT, *mocks)
|
||||
|
||||
|
|
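Review bot: `test_actor_blocked_tld` asserts only the 404 status, which could also pass if the handler fetched the domain and failed later; the three patched mocks are discarded as `_, __, ___`. Naming the mock that stands for the outbound GET and asserting it was not called would pin the behaviour the commit is after, e.g. `mock_get.assert_not_called()` (which of the three parameters that is cannot be seen from this hunk). A second case with an upper-case extension would document how case is meant to be handled.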