mirrors/activitypub-federation-rust
1
0
Fork 0
mirror of https://github.com/LemmyNet/activitypub-federation-rust.git synced 2024-06-11 09:49:24 +00:00
Code Issues Projects Releases Wiki Activity

Make response content-type check case insensitive

Browse source 
For wordpress compat
This commit is contained in:
Felix Ableitner 2024-05-02 13:31:07 +02:00
parent 24afad7abc
commit 226d850836
1 changed files with 12 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
src/fetch/mod.rs
View file

@ -54,17 +54,20 @@ pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
data: &Data<T>, data: &Data<T>,
) -> Result<FetchObjectResponse<Kind>, Error> { ) -> Result<FetchObjectResponse<Kind>, Error> {
static CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE); static CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
static ALT_CONTENT_TYPE: HeaderValue = HeaderValue::from_static( static ALT_CONTENT_TYPE: &str =
r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#, r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#;
); static ALT_CONTENT_TYPE_MASTODON: &str = r#"application/activity+json; charset=utf-8"#;
static ALT_CONTENT_TYPE_MASTODON: HeaderValue =
HeaderValue::from_static(r#"application/activity+json; charset=utf-8"#);
let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?; let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?;
// Ensure correct content-type to prevent vulnerabilities. // Ensure correct content-type to prevent vulnerabilities, with case insensitive comparison.
if res.content_type.as_ref() != Some(&CONTENT_TYPE) let content_type = res
&& res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE) .content_type
&& res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE_MASTODON) .as_ref()
.and_then(|c| c.to_str().map(str::to_lowercase).ok());
let content_type = content_type.as_deref();
if content_type != Some(FEDERATION_CONTENT_TYPE)
&& content_type != Some(ALT_CONTENT_TYPE)
&& content_type != Some(ALT_CONTENT_TYPE_MASTODON)
{ {
return Err(Error::FetchInvalidContentType(res.url)); return Err(Error::FetchInvalidContentType(res.url));
} }