From 226d850836d56d2b93b970b51bb868b9f2fd1b0a Mon Sep 17 00:00:00 2001
From: Felix Ableitner
Date: Thu, 2 May 2024 13:31:07 +0200
Subject: [PATCH] Make response content-type check case insensitive For wordpress compat
---
 src/fetch/mod.rs | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/src/fetch/mod.rs b/src/fetch/mod.rs
index 4d563b6..45b2a31 100644
--- a/src/fetch/mod.rs
+++ b/src/fetch/mod.rs
@@ -54,17 +54,20 @@ pub async fn fetch_object_http(
 data: &Data,
 ) -> Result, Error> {
 static CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
- static ALT_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(
- r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#,
- );
- static ALT_CONTENT_TYPE_MASTODON: HeaderValue =
- HeaderValue::from_static(r#"application/activity+json; charset=utf-8"#);
+ static ALT_CONTENT_TYPE: &str =
+ r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#;
+ static ALT_CONTENT_TYPE_MASTODON: &str = r#"application/activity+json; charset=utf-8"#;
 let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?;
- // Ensure correct content-type to prevent vulnerabilities.
- if res.content_type.as_ref() != Some(&CONTENT_TYPE)
- && res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE)
- && res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE_MASTODON)
+ // Ensure correct content-type to prevent vulnerabilities, with case insensitive comparison.
+ let content_type = res
+ .content_type
+ .as_ref()
+ .and_then(|c| c.to_str().map(str::to_lowercase).ok());
+ let content_type = content_type.as_deref();
+ if content_type != Some(FEDERATION_CONTENT_TYPE)
+ && content_type != Some(ALT_CONTENT_TYPE)
+ && content_type != Some(ALT_CONTENT_TYPE_MASTODON)
 {
 return Err(Error::FetchInvalidContentType(res.url));
 }
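Review bot: The new content-type check in `fetch_object_http` is only correct while all three expected strings are themselves lowercase, because the header is lowercased and then compared with `!=`; `FEDERATION_CONTENT_TYPE` is defined outside this hunk, so that invariant is not visible here, and a constant that ever gained an uppercase character would make the check reject every response. Comparing with `eq_ignore_ascii_case` removes that dependency and the allocation: `let ok = res.content_type.as_ref().and_then(|c| c.to_str().ok()).is_some_and(|c| [FEDERATION_CONTENT_TYPE, ALT_CONTENT_TYPE, ALT_CONTENT_TYPE_MASTODON].iter().any(|a| c.eq_ignore_ascii_case(a)));` followed by `if !ok { return Err(Error::FetchInvalidContentType(res.url)); }`. The check fails closed when the header is absent or `to_str()` fails, and that should be kept. It is still a whole-string match, so a value differing only in spacing or parameter order is rejected, while folding the whole value also folds the case of the quoted `profile` URI, a slight loosening. The comment could name what the check guards against (presumably accepting a non-ActivityPub response as a federated object) instead of "vulnerabilities"; the function's signature begins above the hunk.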