mirrors/activitypub-federation-rust
1
0
Fork 0
mirror of https://github.com/LemmyNet/activitypub-federation-rust.git synced 2024-05-19 09:28:04 +00:00
Code Issues Projects Releases Wiki Activity

cleaner

Browse source
This commit is contained in:
Felix Ableitner 2024-05-03 00:23:38 +02:00
parent 226d850836
commit c8b48371e0
1 changed files with 11 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
src/fetch/mod.rs
View file

@ -53,22 +53,22 @@ pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
url: &Url,
data: &Data<T>,
) -> Result<FetchObjectResponse<Kind>, Error> {
static CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
static ALT_CONTENT_TYPE: &str =
r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#;
static ALT_CONTENT_TYPE_MASTODON: &str = r#"application/activity+json; charset=utf-8"#;
let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?;
static FETCH_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
const VALID_RESPONSE_CONTENT_TYPES: [&str; 3] = [
FEDERATION_CONTENT_TYPE, // lemmy
r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#, // activitypub standard
r#"application/activity+json; charset=utf-8"#, // mastodon
];
let res = fetch_object_http_with_accept(url, data, &FETCH_CONTENT_TYPE).await?;
// Ensure correct content-type to prevent vulnerabilities, with case insensitive comparison.
let content_type = res
.content_type
.as_ref()
.and_then(|c| c.to_str().map(str::to_lowercase).ok());
let content_type = content_type.as_deref();
if content_type != Some(FEDERATION_CONTENT_TYPE)
&& content_type != Some(ALT_CONTENT_TYPE)
&& content_type != Some(ALT_CONTENT_TYPE_MASTODON)
{
.map(|c| c.to_str().ok())
.flatten()
.ok_or(Error::FetchInvalidContentType(res.url.clone()))?;
if !VALID_RESPONSE_CONTENT_TYPES.contains(&content_type) {
return Err(Error::FetchInvalidContentType(res.url));
}