gitforge/services/federation
elle 540551acf2 federation: protect against SSRF attacks (#11795)
Adds an extra check to ensure the `keyId` and `actorId` included in signed requests and actor records point back to the originating host.

This check prevents server-side request forgery (SSRF) attacks where a carefully crafted request could be used to trick a federation server into making requests to arbitrary hosts and ports.

Further refactors can make these checks more robust, but would better fit after other existing refactor PRs are merged.

Related: https://codeberg.org/forgejo/forgejo/issues/11779

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11795
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-07-08 02:03:17 +02:00
..
delivery_queue.go federation: protect against SSRF attacks (#11795) 2026-07-08 02:03:17 +02:00
error.go
federation_service.go federation: protect against SSRF attacks (#11795) 2026-07-08 02:03:17 +02:00
person_inbox_accept.go
person_inbox_create.go
person_inbox_follow.go
person_inbox_undo.go
person_service.go
repository_inbox_like.go federation: protect against SSRF attacks (#11795) 2026-07-08 02:03:17 +02:00
repository_service.go
result.go
signature_service.go federation: protect against SSRF attacks (#11795) 2026-07-08 02:03:17 +02:00
user_activity.go fix(activitypub): only return public activities on request (#12382) 2026-05-09 05:02:57 +02:00