From 70be92c8976eed851ff19c598cd81f6037cd441d Mon Sep 17 00:00:00 2001
From: Oneric
Date: Fri, 17 May 2024 22:29:48 +0200
Subject: [PATCH] Fix Accept headers when fetching AP objects to match spec
ActivityPub spec section 3.2 reads > The client MUST specify an Accept header with the > `application/ld+json; profile="https://www.w3.org/ns/activitystreams"` > media type in order to retrieve the activity. Currently Mastodon omits the profile in its dereferences (but not the fetch service) and only lists application/ld+json as one of several possible types. This breaks spec and allows spec-compliant implementations to refuse any such fetch requests. Resolve this by adding the required profile and while at it, make the only spec-compliant type the first listed choice in all relevant places. While unlikely to be a problem due to other parts already including a profile, also keep a profile-less JSON-LD type where it existed before to ensure this doesn't break federation with a hypothetical buggy implemenetation relying on this current Mastodon quirk. Section 7 also specifies the same media type MUST be used in the Content-Type header of for POST requests, but here we can't specify alternatives, so for now keep the current type. Fixes a part of https://github.com/mastodon/mastodon/issues/22720
---
 app/lib/activitypub/dereferencer.rb | 2 +-
 app/services/fetch_resource_service.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/lib/activitypub/dereferencer.rb b/app/lib/activitypub/dereferencer.rb
index eb99842828c..01798aa4314 100644
--- a/app/lib/activitypub/dereferencer.rb
+++ b/app/lib/activitypub/dereferencer.rb
@@ -44,7 +44,7 @@ class ActivityPub::Dereferencer
 req = Request.new(:get, uri)
- req.add_headers('Accept' => 'application/activity+json, application/ld+json')
+ req.add_headers('Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json, application/ld+json')
 req.add_headers(headers) if headers
 req.on_behalf_of(@signature_actor) if @signature_actor
diff --git a/app/services/fetch_resource_service.rb b/app/services/fetch_resource_service.rb
index 84c36f6a101..c8d769bf768 100644
--- a/app/services/fetch_resource_service.rb
+++ b/app/services/fetch_resource_service.rb
@@ -3,7 +3,7 @@
 class FetchResourceService < BaseService
 include JsonLdHelper
- ACCEPT_HEADER = 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams", text/html;q=0.1'
+ ACCEPT_HEADER = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json, text/html;q=0.1'
 ACTIVITY_STREAM_LINK_TYPES = ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].freeze
 attr_reader :response_code
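Review bot: The new Accept value on the `req.add_headers('Accept' => ...)` line is an inline literal that repeats the profile-qualified media type `FetchResourceService::ACCEPT_HEADER` already spells out, and the visible lines carry no comment on why this list keeps the bare `application/ld+json` while the other does not. I would lift it into a named constant with a comment such as `# Profile-qualified type is required by ActivityPub section 3.2; bare application/ld+json is kept only for compatibility`, so a later cleanup does not drop either entry by accident. Accept is only a request hint, and the bare `application/ld+json` entry still invites generic JSON-LD, while `req.add_headers(headers) if headers` on the following line may let a caller replace the header altogether. The response handling, which is outside this hunk, should therefore keep checking the returned Content-Type rather than rely on what was asked for. The enclosing method starts and ends outside the hunk.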
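Review bot: Reordering the entries of `ACCEPT_HEADER` does not by itself state a preference, because without `q` parameters the first two media types carry equal weight and list order is at most a tiebreak that some servers apply. If the profile-qualified type is meant to win, either make that explicit (for example `application/activity+json;q=0.9`, after checking that peers tolerate it) or document the intent above the constant, e.g. `# ActivityPub section 3.2 type first; order is only a tiebreak for servers that honour it`. The diffstat lists no spec files, so a spec asserting the outgoing Accept header for both this service and the dereferencer would keep the profile from being dropped again unnoticed.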