Skip to content

Following: Check remote URLs/Objects for Actor type #2041

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 31, 2025
Merged

Following: Check remote URLs/Objects for Actor type #2041

merged 4 commits into from
Jul 31, 2025

Conversation

@pfefferle
Copy link
Member

@pfefferle pfefferle commented Jul 31, 2025
edited
Loading

We currently use WebFinger lookup to verify that a remote URL or object is an Actor. This approach is rather lazy and only works because, so far, non-Actor objects don’t include a self link.

Proposed changes:

  • Check remote Object for Type Actor

Other information:

  • Have you written new tests for your changes, if applicable?

Testing instructions:

  • Go to '..'

Changelog entry

  • Automatically create a changelog entry from the details below.
Changelog Entry Details

Significance

  • Patch
  • Minor
  • Major

Type

  • Added - for new features
  • Changed - for changes in existing functionality
  • Deprecated - for soon-to-be removed features
  • Removed - for now removed features
  • Fixed - for any bug fixes
  • Security - in case of vulnerabilities

Message

More reliable Actor checks during the follow process.

Copilot AI review requested due to automatic review settings July 31, 2025 19:06
@pfefferle pfefferle self-assigned this Jul 31, 2025
@pfefferle pfefferle requested a review from obenland July 31, 2025 19:07
Copilot AI reviewed Jul 31, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR improves validation of remote ActivityPub objects by adding a type check to ensure that fetched objects are actually Actors before processing them. The change addresses a gap where the system previously relied solely on WebFinger lookup as proof of Actor type, which was unreliable since non-Actor objects don't typically provide self links.

  • Adds explicit Actor type validation using the is_actor() function
  • Returns a proper error response when a fetched object is not an Actor type
  • Reorganizes import statements for better code organization

@pfefferle pfefferle merged commit e382749 into trunk Jul 31, 2025
12 checks passed
@pfefferle pfefferle deleted the fix/check-for-actor branch July 31, 2025 20:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@obenland obenland obenland approved these changes

Assignees

@pfefferle pfefferle

Labels

[Feature] Collections

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pfefferle @obenland @matticbot