diff --git a/posts.py b/posts.py index 28a7a9e5..a6c8a6c4 100644 --- a/posts.py +++ b/posts.py @@ -460,7 +460,8 @@ def threadSendPost(session,postJsonObject: {},federationList: [],capsList: [],\ backoffTime=60 for attempt in range(20): postResult = postJson(session,postJsonObject,federationList, \ - capsList,inboxUrl,signatureHeaderJson) + capsList,inboxUrl,signatureHeaderJson, \ + "inbox:write") if postResult: postLog.append(postJsonObject['published']+' '+postResult+'\n') # keep the length of the log finite diff --git a/session.py b/session.py index 20190359..d30318ff 100644 --- a/session.py +++ b/session.py @@ -39,13 +39,16 @@ def getJson(session,url: str,headers: {},params: {}) -> {}: pass return None -def postJson(session,postJsonObject: {},federationList: [],capsList: [],inboxUrl: str,headers: {}) -> str: +def postJson(session,postJsonObject: {},federationList: [],capsList: [],inboxUrl: str,headers: {},capability: str) -> str: """Post a json message to the inbox of another person + Supplying a capability, such as "inbox:write" """ - - # check that we are posting to a permitted domain - if not urlPermitted(inboxUrl,federationList,capsList,"inbox:write"): - return None + + # always allow capability requests + if not capability.startswith('cap'): + # check that we are posting to a permitted domain + if not urlPermitted(inboxUrl,federationList,capsList,capability): + return None postResult = session.post(url = inboxUrl, data = json.dumps(postJsonObject), headers=headers) return postResult.text