Check posting to permitted url

2021-12-31 10:14:22 +00:00 · 2021-12-31 10:14:22 +00:00 · 19bd33e885
parent 59c88dd2e0
commit 19bd33e885
1 changed files with 6 additions and 0 deletions
--- a/session.py
+++ b/session.py
@ -348,6 +348,12 @@ def post_json_string(session, post_jsonStr: str,
    conversions between string and json format don't invalidate
    the message body digest of http signatures
    """
+    # check that we are posting to a permitted domain
+    if not url_permitted(inbox_url, federation_list):
+        if not quiet:
+            print('post_json_string: ' + inbox_url + ' not permitted')
+        return None, None, 0
+
    try:
        post_result = \
            session.post(url=inbox_url, data=post_jsonStr,