Fix Accept headers when fetching AP objects to match spec

ActivityPub spec section 3.2 reads
> The client MUST specify an Accept header with the
> `application/ld+json; profile="https://www.w3.org/ns/activitystreams"`
> media type in order to retrieve the activity.

Currently Mastodon omits the profile in its dereferences (but not the
fetch service) and only lists application/ld+json as one of several
possible types. This breaks spec and allows spec-compliant
implementations to refuse any such fetch requests.

Resolve this by adding the required profile and while at it,
make the only spec-compliant type the first listed choice in all
relevant places.
While unlikely to be a problem due to other parts already including a
profile, also keep a profile-less JSON-LD type where it existed before
to ensure this doesn't break federation with a hypothetical buggy
implementation relying on this current Mastodon quirk.

Section 7 also specifies the same media type MUST be used
in the Content-Type header for POST requests, but here
we can't specify alternatives, so for now keep the current type.

Fixes a part of https://github.com/mastodon/mastodon/issues/22720
Oneric 2024-05-17 22:29:48 +02:00
parent 2da2a1dae9
commit 70be92c897
2 changed files with 2 additions and 2 deletions


@ -44,7 +44,7 @@ class ActivityPub::Dereferencer
req = Request.new(:get, uri)
req.add_headers('Accept' => 'application/activity+json, application/ld+json')
req.add_headers('Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json, application/ld+json')
req.add_headers(headers) if headers
req.on_behalf_of(@signature_actor) if @signature_actor
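Review bot: the trailing profile-less `application/ld+json` in the new Accept value has no comment saying why it is kept, so it reads as a redundant duplicate of the first entry and is likely to be dropped in a later cleanup. Add a one-line comment above the `req.add_headers('Accept' => ...)` call stating that it is retained for compatibility with peers that match on the bare type. The profiled media type is now also spelled out as a literal both here and in FetchResourceService; a shared constant would keep the two strings from drifting apart.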


@ -3,7 +3,7 @@
class FetchResourceService < BaseService
include JsonLdHelper
ACCEPT_HEADER = 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams", text/html;q=0.1'
ACCEPT_HEADER = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json, text/html;q=0.1'
ACTIVITY_STREAM_LINK_TYPES = ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].freeze
attr_reader :response_code
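Review bot: moving the profiled `application/ld+json` ahead of `application/activity+json` in ACCEPT_HEADER does not by itself express a preference, because neither entry carries a q-value and both therefore have equal weight (q=1); only `text/html;q=0.1` is actually ranked. If the intent is for servers to prefer the spec-mandated type, give `application/activity+json` an explicit lower weight such as `;q=0.9`, or state in a comment that the order is only a tie-break hint that some servers honor.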