mirror of
https://github.com/LemmyNet/activitypub-federation-rust.git
synced 2024-06-11 09:49:24 +00:00
Make response content-type check case insensitive
For wordpress compat
This commit is contained in:
parent
24afad7abc
commit
226d850836
|
@ -54,17 +54,20 @@ pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
|
||||||
data: &Data<T>,
|
data: &Data<T>,
|
||||||
) -> Result<FetchObjectResponse<Kind>, Error> {
|
) -> Result<FetchObjectResponse<Kind>, Error> {
|
||||||
static CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
|
static CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
|
||||||
static ALT_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(
|
static ALT_CONTENT_TYPE: &str =
|
||||||
r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#,
|
r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#;
|
||||||
);
|
static ALT_CONTENT_TYPE_MASTODON: &str = r#"application/activity+json; charset=utf-8"#;
|
||||||
static ALT_CONTENT_TYPE_MASTODON: HeaderValue =
|
|
||||||
HeaderValue::from_static(r#"application/activity+json; charset=utf-8"#);
|
|
||||||
let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?;
|
let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?;
|
||||||
|
|
||||||
// Ensure correct content-type to prevent vulnerabilities.
|
// Ensure correct content-type to prevent vulnerabilities, with case insensitive comparison.
|
||||||
if res.content_type.as_ref() != Some(&CONTENT_TYPE)
|
let content_type = res
|
||||||
&& res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE)
|
.content_type
|
||||||
&& res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE_MASTODON)
|
.as_ref()
|
||||||
|
.and_then(|c| c.to_str().map(str::to_lowercase).ok());
|
||||||
|
let content_type = content_type.as_deref();
|
||||||
|
if content_type != Some(FEDERATION_CONTENT_TYPE)
|
||||||
|
&& content_type != Some(ALT_CONTENT_TYPE)
|
||||||
|
&& content_type != Some(ALT_CONTENT_TYPE_MASTODON)
|
||||||
{
|
{
|
||||||
return Err(Error::FetchInvalidContentType(res.url));
|
return Err(Error::FetchInvalidContentType(res.url));
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue