Improved Content-Type check on incoming requests

Michael 2024-02-28 23:34:58 +00:00
parent f60638787e
commit 11a16589da
3 changed files with 36 additions and 30 deletions


@ -77,6 +77,11 @@ class Inbox extends BaseApi
throw new \Friendica\Network\HTTPException\BadRequestException();
}
if (!HTTPSignature::isValidContentType($this->server['CONTENT_TYPE'] ?? '')) {
Logger::notice('Unexpected content type', ['content-type' => $this->server['CONTENT_TYPE'] ?? '', 'agent' => $this->server['HTTP_USER_AGENT'] ?? '']);
throw new \Friendica\Network\HTTPException\UnsupportedMediaTypeException();
}
if (DI::config()->get('debug', 'ap_inbox_log')) {
if (HTTPSignature::getSigner($postdata, $_SERVER)) {
$filename = 'signed-activitypub';
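Review bot: The new rejection branch logs the raw `CONTENT_TYPE` and `HTTP_USER_AGENT` values of a request that has not passed any signature check at this point, so any remote sender can produce notice-level entries containing strings of its own choosing and of unbounded length. Whether `Logger` escapes control characters in context values is not visible in this hunk, so I would bound the values before logging, for example `$contentType = $this->server['CONTENT_TYPE'] ?? '';` followed by `Logger::notice('Unexpected content type', ['content-type' => substr($contentType, 0, 255), 'agent' => substr($this->server['HTTP_USER_AGENT'] ?? '', 0, 255)]);`. The local variable also removes the duplicated `?? ''` lookup between the check and the log call. The enclosing method begins and ends outside the hunk, so any rate limiting or earlier filtering in front of this branch cannot be confirmed from here.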