mirror of https://github.com/mastodon/mastodon.git synced 2024-08-20 21:08:15 -07:00

Compare commits

...

2 commits

Author SHA1 Message Date
Oneric
997716d150
Merge 70be92c897 into 549ab089ee 2024-07-31 11:06:47 +00:00
Oneric
70be92c897 Fix Accept headers when fetching AP objects to match spec
ActivityPub spec section 3.2 reads
> The client MUST specify an Accept header with the
> `application/ld+json; profile="https://www.w3.org/ns/activitystreams"`
> media type in order to retrieve the activity.

Currently Mastodon omits the profile in its dereferences (but not the
fetch service) and only lists application/ld+json as one of several
possible types. This breaks spec and allows spec-compliant
implementations to refuse any such fetch requests.

Resolve this by adding the required profile and while at it,
make the only spec-compliant type the first listed choice in all
relevant places.
While unlikely to be a problem due to other parts already including a
profile, also keep a profile-less JSON-LD type where it existed before
to ensure this doesn't break federation with a hypothetical buggy
implementation relying on this current Mastodon quirk.

Section 7 also specifies the same media type MUST be used
in the Content-Type header for POST requests, but here
we can't specify alternatives, so for now keep the current type.

Fixes a part of https://github.com/mastodon/mastodon/issues/22720
2024-05-17 22:59:52 +02:00
2 changed files with 2 additions and 2 deletions

View file

@ -44,7 +44,7 @@ class ActivityPub::Dereferencer
req = Request.new(:get, uri)
req.add_headers('Accept' => 'application/activity+json, application/ld+json')
req.add_headers('Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json, application/ld+json')
req.add_headers(headers) if headers
req.on_behalf_of(@signature_actor) if @signature_actor
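
Review bot: The new Accept value on the `req.add_headers('Accept' => ...)` line carries no q-values, so all three media types have equal weight and putting the profile type first does not express a preference that a receiving server has to honour. If the profile-less `application/ld+json` is only a compatibility fallback, give it (and possibly `application/activity+json`) an explicit lower weight such as `;q=0.9`. This string is now close to, but not the same as, `ACCEPT_HEADER` in FetchResourceService, so a shared constant or a short comment explaining why the lists differ would keep the two from drifting. No spec change accompanies the header change in this compare; an assertion on the outgoing Accept header would pin the new behaviour.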

View file

@ -3,7 +3,7 @@
class FetchResourceService < BaseService
include JsonLdHelper
ACCEPT_HEADER = 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams", text/html;q=0.1'
ACCEPT_HEADER = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json, text/html;q=0.1'
ACTIVITY_STREAM_LINK_TYPES = ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].freeze
attr_reader :response_code
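
Review bot: The `ACCEPT_HEADER` change only swaps the order of the first two media types, both of which keep the default weight, so a server that negotiates by q-value sees the same preference as before; only `text/html;q=0.1` is actually ranked. If the profile type is meant to be preferred, say so with weights rather than position, or note in a comment that the order is a hint for servers that pick the first match. Unlike the Dereferencer header, this list has no profile-less `application/ld+json`; a comment stating that the difference is intentional would help the next reader, as would a test asserting the header value.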