Update ActivityPubFetchService, enforce stricter Content-Type validation
parent
4c6ec20e36
commit
1232cfc86a
1 changed files with 52 additions and 29 deletions
|
@ -28,7 +28,8 @@ class ActivityPubFetchService
|
|||
$headers['User-Agent'] = 'PixelFedBot/1.0.0 (Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')';
|
||||
|
||||
try {
|
||||
$res = Http::withOptions(['allow_redirects' => false])->withHeaders($headers)
|
||||
$res = Http::withOptions(['allow_redirects' => false])
|
||||
->withHeaders($headers)
|
||||
->timeout(30)
|
||||
->connectTimeout(5)
|
||||
->retry(3, 500)
|
||||
|
@ -40,9 +41,31 @@ class ActivityPubFetchService
|
|||
} catch (Exception $e) {
|
||||
return;
|
||||
}
|
||||
|
||||
if(!$res->ok()) {
|
||||
return;
|
||||
}
|
||||
|
||||
if(!$res->hasHeader('Content-Type')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$acceptedTypes = [
|
||||
'application/activity+json; charset=utf-8',
|
||||
'application/activity+json',
|
||||
'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'
|
||||
];
|
||||
|
||||
$contentType = $res->getHeader('Content-Type')[0];
|
||||
|
||||
if(!$contentType) {
|
||||
return;
|
||||
}
|
||||
|
||||
if(!in_array($contentType, $acceptedTypes)) {
|
||||
return;
|
||||
}
|
||||
|
||||
return $res->body();
|
||||
}
|
||||
}
|
||||
|
|
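Review bot: The `in_array($contentType, $acceptedTypes)` check in the second hunk compares the raw header string, so an equivalent value with different casing, no space after the `;`, or an extra parameter is rejected, and the call omits the strict flag. The check fails closed, so the cost is federation compatibility rather than non-ActivityPub content getting through, but exact-string lists like this tend to be loosened later into substring matches, which would undo the protection. I would split the value on `;`, compare the lower-cased media type exactly, and for `application/ld+json` still require the ActivityStreams `profile` parameter, as sketched below. A `profile` value listing several URIs would need further handling. The enclosing method starts above the first hunk, so the sketch covers only the Content-Type lines.

```php
// … unchanged: ok() and hasHeader('Content-Type') guards …
$contentType = $res->getHeader('Content-Type')[0];

// Split "type/subtype; param=value" and normalise case and whitespace.
$params = array_map('trim', explode(';', strtolower($contentType)));
$mediaType = array_shift($params);

if ($mediaType === 'application/ld+json') {
    // ld+json is only ActivityPub when it carries the ActivityStreams profile.
    if (!in_array('profile="https://www.w3.org/ns/activitystreams"', $params, true)) {
        return;
    }
} elseif ($mediaType !== 'application/activity+json') {
    return;
}

return $res->body();
```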