From 1257331291f27b55340a4ccca459a2673f3f37c2 Mon Sep 17 00:00:00 2001
From: "Haelwenn (lanodan) Monnier"
Date: Sat, 15 Feb 2020 00:35:46 +0100
Subject: [PATCH] MastodonAPI.StatusView: Do not use site_name

site_name allow to spoof the origin of the domain and so hacks like:
---
lib/pleroma/web/mastodon_api/views/status_view.ex | 4 +---
test/web/mastodon_api/views/status_view_test.exs | 4 ++--
2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex
index e1e92034f..d4695c1c6 100644
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@@ -321,11 +321,9 @@ def render("card.json", %{rich_media: rich_media, page_url: page_url}) do
nil
end

- site_name = rich_media[:site_name] || page_url_data.host
-
%{
type: "link",
- provider_name: site_name,
+ provider_name: page_url_data.host,
provider_url: page_url_data.scheme <> "://" <> page_url_data.host,
url: page_url,
image: image_url |> MediaProxy.url(),
diff --git a/test/web/mastodon_api/views/status_view_test.exs b/test/web/mastodon_api/views/status_view_test.exs
index ba58e48e8..560f8179f 100644
--- a/test/web/mastodon_api/views/status_view_test.exs
+++ b/test/web/mastodon_api/views/status_view_test.exs
@@ -491,7 +491,7 @@ test "a rich media card without an image renders correctly" do
title: "Example website"
}

- %{provider_name: "Example site name"} =
+ %{provider_name: "example.com"} =
StatusView.render("card.json", %{page_url: page_url, rich_media: card})
end

@@ -506,7 +506,7 @@ test "a rich media card with all relevant data renders correctly" do
description: "Example description"
}

- %{provider_name: "Example site name"} =
+ %{provider_name: "example.com"} =
StatusView.render("card.json", %{page_url: page_url, rich_media: card})
end
end
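Review bot: In the `card.json` clause of lib/pleroma/web/mastodon_api/views/status_view.ex, `provider_name` is now exactly as trustworthy as `page_url_data`, and the hunk does not show how that value is built (the function body starts above it). If `page_url_data` is derived from or merged with a URL field carried inside `rich_media` (not visible here, to be confirmed), the displayed host is still chosen by the remote page and the spoofing described in the commit message stays possible; the host should then come from the URL the server actually fetched. A comment above the map such as `# provider_name/provider_url come from the fetched URL, never from page-supplied metadata` would record the invariant. Separately, `page_url_data.host` is `nil` for a URL without an authority, which makes the `<>` concatenation on the `provider_url` line raise; that predates this change but deserves a guard.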
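Review bot: The updated assertion in the hunk at line 491 of test/web/mastodon_api/views/status_view_test.exs only swaps the expected value inside an existing "renders correctly" test, so nothing names the property being protected. The card fixtures are defined above the hunk; presumably they still carry a `site_name` (the old expectation was `"Example site name"`), which is what makes the new assertion meaningful, and that is worth confirming. I would add a dedicated test whose `site_name` differs from the URL host, or at least a comment such as `# site_name is page-controlled and must never be used as provider_name`, so a later refactor does not reintroduce it. The same applies to the hunk at line 506.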