diff --git a/app/Http/Controllers/FederationController.php b/app/Http/Controllers/FederationController.php
index b1e7d18cd..c93b1b664 100644
--- a/app/Http/Controllers/FederationController.php
+++ b/app/Http/Controllers/FederationController.php
@@ -191,6 +191,14 @@ XML;
         $id = Helpers::validateUrl($bodyDecoded['id']);
         $keyDomain = parse_url($keyId, PHP_URL_HOST);
         $idDomain = parse_url($id, PHP_URL_HOST);
+        if(isset($bodyDecoded['object']) 
+            && is_array($bodyDecoded['object'])
+            && isset($bodyDecoded['object']['attributedTo'])
+        ) {
+            if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $keyDomain) {
+                abort(400, 'Invalid request');
+            }
+        }
         if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) {
             abort(400, 'Invalid request');
         }