[backend] Enforce JSON-LD profile when fetching activities

This commit is contained in:
Laura Hausmann 2024-02-17 15:55:48 +01:00
parent 31122636d3
commit 099ba9ce65
No known key found for this signature in database
GPG Key ID: D044E84C5BE01605

View File

@ -48,7 +48,9 @@ export async function getJsonActivity(
}); });
const contentType = res.headers.get('content-type'); const contentType = res.headers.get('content-type');
if (contentType == null || (contentType !== 'application/activity+json' && !contentType.startsWith('application/activity+json;') && contentType !== 'application/ld+json' && !contentType.startsWith('application/ld+json;'))) if (contentType == null ||
(contentType !== 'application/activity+json' && !contentType.startsWith('application/activity+json;') &&
(!contentType.startsWith('application/ld+json;') || !contentType.includes('profile="https://www.w3.org/ns/activitystreams"'))))
throw new Error(`getJsonActivity response had unexpected content-type: ${contentType}`); throw new Error(`getJsonActivity response had unexpected content-type: ${contentType}`);
return { return {