fediverse-devnet / feditest-tests-fediverse

The tests for the fediverse testsuite
MIT License

`Update` should do origin checking #30

Open julianlam opened 8 months ago

julianlam commented 8 months ago

Extending on fediverse-devnet/feditest-tests-fediverse#19:

7.3 The receiving server MUST take care to be sure that the Update is authorized to modify its object. At minimum, this may be done by ensuring that the Update and its object are of same origin.

  1. Deliver a Create(Note)
  2. Deliver an Update(Note) from a different origin
  3. Retrieval of said note should reflect an unchanged object
  4. The Update request should fail with a 4xx error.
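
One way a receiving server could implement the check this test would exercise, as an added example (not code from feditest or from any server under test). The `Inbox` class, the `origin` helper and the `a.example`/`b.example` IRIs are hypothetical, and the sender is assumed to have been authenticated before `receive` runs.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(iri):
    """(scheme, host, port) of an IRI, or None when it has no usable origin."""
    if not isinstance(iri, str):
        return None
    try:
        parts = urlsplit(iri)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (scheme, parts.hostname.lower(),
            port if port is not None else DEFAULT_PORTS[scheme])

class Inbox:
    """Hypothetical receiving server: stored objects keyed by id."""
    def __init__(self):
        self.objects = {}

    def receive(self, activity, authenticated_actor):
        """Return an HTTP status. authenticated_actor is assumed to have been
        verified by the transport layer before this method is called."""
        obj = activity.get("object")
        if not isinstance(obj, dict) or origin(obj.get("id")) is None:
            return 400
        if activity.get("actor") != authenticated_actor:
            return 401
        # Section 7.3 minimum: the activity and its object share an origin.
        if origin(obj["id"]) != origin(authenticated_actor):
            return 403
        if activity.get("type") == "Create":
            self.objects[obj["id"]] = dict(obj)
            return 201
        if activity.get("type") == "Update" and obj["id"] in self.objects:
            self.objects[obj["id"]] = dict(obj)
            return 200
        return 400

def run_scenario():
    """Steps 1-4 of the issue on constructed data, then a same-origin Update."""
    inbox, nid = Inbox(), "https://a.example/notes/1"
    alice, mallory = "https://a.example/users/alice", "https://b.example/users/mallory"
    note = {"id": nid, "type": "Note", "content": "original"}
    s1 = inbox.receive({"type": "Create", "actor": alice, "object": note}, alice)
    s2 = inbox.receive({"type": "Update", "actor": mallory, "object": dict(note, content="tampered")}, mallory)
    after_forged = inbox.objects[nid]["content"]
    s3 = inbox.receive({"type": "Update", "actor": alice, "object": dict(note, content="edited")}, alice)
    return {"statuses": [s1, s2, s3], "after_forged": after_forged, "after_edit": inbox.objects[nid]["content"]}
```

The origin comparison includes scheme and port, so `https://a.example:8443` is treated as a different origin from `https://a.example`.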

snarfed commented 6 months ago

Background: https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization