From c8b48371e09054d0a2672084c734eb124e3bea27 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Fri, 3 May 2024 00:23:38 +0200 Subject: [PATCH] cleaner --- src/fetch/mod.rs | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/fetch/mod.rs b/src/fetch/mod.rs index 45b2a31..494d69e 100644 --- a/src/fetch/mod.rs +++ b/src/fetch/mod.rs @@ -53,22 +53,22 @@ pub async fn fetch_object_http( url: &Url, data: &Data, ) -> Result, Error> { - static CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE); - static ALT_CONTENT_TYPE: &str = - r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#; - static ALT_CONTENT_TYPE_MASTODON: &str = r#"application/activity+json; charset=utf-8"#; - let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?; + static FETCH_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE); + const VALID_RESPONSE_CONTENT_TYPES: [&str; 3] = [ + FEDERATION_CONTENT_TYPE, // lemmy + r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#, // activitypub standard + r#"application/activity+json; charset=utf-8"#, // mastodon + ]; + let res = fetch_object_http_with_accept(url, data, &FETCH_CONTENT_TYPE).await?; // Ensure correct content-type to prevent vulnerabilities, with case insensitive comparison. let content_type = res .content_type .as_ref() - .and_then(|c| c.to_str().map(str::to_lowercase).ok()); - let content_type = content_type.as_deref(); - if content_type != Some(FEDERATION_CONTENT_TYPE) - && content_type != Some(ALT_CONTENT_TYPE) - && content_type != Some(ALT_CONTENT_TYPE_MASTODON) - { + .map(|c| c.to_str().ok()) + .flatten() + .ok_or(Error::FetchInvalidContentType(res.url.clone()))?; + if !VALID_RESPONSE_CONTENT_TYPES.contains(&content_type) { return Err(Error::FetchInvalidContentType(res.url)); }