mirror of
https://github.com/LemmyNet/activitypub-federation-rust.git
synced 2024-05-19 09:28:04 +00:00
cleaner
This commit is contained in:
parent
226d850836
commit
c8b48371e0
|
@ -53,22 +53,22 @@ pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
|
|||
url: &Url,
|
||||
data: &Data<T>,
|
||||
) -> Result<FetchObjectResponse<Kind>, Error> {
|
||||
static CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
|
||||
static ALT_CONTENT_TYPE: &str =
|
||||
r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#;
|
||||
static ALT_CONTENT_TYPE_MASTODON: &str = r#"application/activity+json; charset=utf-8"#;
|
||||
let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?;
|
||||
static FETCH_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
|
||||
const VALID_RESPONSE_CONTENT_TYPES: [&str; 3] = [
|
||||
FEDERATION_CONTENT_TYPE, // lemmy
|
||||
r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#, // activitypub standard
|
||||
r#"application/activity+json; charset=utf-8"#, // mastodon
|
||||
];
|
||||
let res = fetch_object_http_with_accept(url, data, &FETCH_CONTENT_TYPE).await?;
|
||||
|
||||
// Ensure correct content-type to prevent vulnerabilities, with case insensitive comparison.
|
||||
let content_type = res
|
||||
.content_type
|
||||
.as_ref()
|
||||
.and_then(|c| c.to_str().map(str::to_lowercase).ok());
|
||||
let content_type = content_type.as_deref();
|
||||
if content_type != Some(FEDERATION_CONTENT_TYPE)
|
||||
&& content_type != Some(ALT_CONTENT_TYPE)
|
||||
&& content_type != Some(ALT_CONTENT_TYPE_MASTODON)
|
||||
{
|
||||
.map(|c| c.to_str().ok())
|
||||
.flatten()
|
||||
.ok_or(Error::FetchInvalidContentType(res.url.clone()))?;
|
||||
if !VALID_RESPONSE_CONTENT_TYPES.contains(&content_type) {
|
||||
return Err(Error::FetchInvalidContentType(res.url));
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue