It looks like url validations are added in f7564d87b0, but I found another validation commit not applied in Calckey, so I cherry-picked 0da0cc80b9 from [Misskey](https://github.com/misskey-dev/misskey).
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
Co-authored-by: naskya <m@naskya.net>
Reviewed-on: https://codeberg.org/calckey/calckey/pulls/9882
Co-authored-by: naskya <naskya@noreply.codeberg.org>
Co-committed-by: naskya <naskya@noreply.codeberg.org>
Sorry to create PR multiple times. I should have included this in #9778.
Co-authored-by: naskya <m@naskya.net>
Reviewed-on: https://codeberg.org/calckey/calckey/pulls/9783
Co-authored-by: naskya <naskya@noreply.codeberg.org>
Co-committed-by: naskya <naskya@noreply.codeberg.org>
A change sometime ago moved to setting some signature fields in the incoming
object to undefined as opposed to deleting them. The trouble is that downstream
code checks against existence, not undefinedness and rejects the message.
Resolves: #9665
#9293
Not sure if this is the right approach for this
Co-authored-by: s1idewhist1e <trombonedude05@gmail.com>
Reviewed-on: https://codeberg.org/calckey/calckey/pulls/9705
Co-authored-by: s1idewhist1e <s1idewhist1e@noreply.codeberg.org>
Co-committed-by: s1idewhist1e <s1idewhist1e@noreply.codeberg.org>
This PR should kill #9531 - Safeguarding against posts that are made before 2007 (Identica being made in 2008, the 'first ever activitypub software' according to wikipedia.)
Personally, if gone unnoticed, I believe that notes from the past can be used as an attack vector to silently flood a database.
Co-authored-by: Kio-td <kio.thedev@gmail.com>
Reviewed-on: https://codeberg.org/calckey/calckey/pulls/9605
Co-authored-by: daikei <daikei@noreply.codeberg.org>
Co-committed-by: daikei <daikei@noreply.codeberg.org>
