Cap remote recipient fetches per incoming activity#3094
Open
Cap remote recipient fetches per incoming activity#3094
Conversation
Limit the number of outbound HTTP requests triggered by remote recipient URLs in to/cc/bcc fields to prevent abuse. Defaults to 5, filterable via `activitypub_max_remote_recipient_fetches`.
There was a problem hiding this comment.
Pull request overview
This PR mitigates abuse of the shared inbox endpoint by limiting how many outbound HTTP fetches can be triggered from remote recipient URLs embedded in incoming ActivityPub activities.
Changes:
- Add a per-activity cap (default: 5) on remote recipient lookups, filterable via
activitypub_max_remote_recipient_fetches. - Skip additional remote recipient fetches once the cap is reached while continuing to process same-domain recipients.
- Add a patch-level changelog entry documenting the fix.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| includes/rest/class-inbox-controller.php | Adds the remote-recipient fetch cap (and introduces a new filter) inside get_local_recipients(). |
| .github/changelog/fix-cap-remote-recipient-fetches | Documents the change as a patch “fixed” item. |
Instead of always fetching remote recipient URLs to check if they are collections, compare them against the actor's known followers URL from the cached Remote_Actors post. This avoids consuming a remote fetch slot for the most common collection URL and ensures followers are resolved even when the fetch cap is reached.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
to/cc/bccfields of incoming activities.activitypub_max_remote_recipient_fetches.Remote_Actorspost) instead of fetching it, so it never counts against the remote fetch cap.Test plan
to/cc/bcc— all should be resolved as before.cc— followers should be resolved without an HTTP fetch, even if the cap is already reached.