Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-01-09 14:04:43 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #14018 from annando/content-type-check

Browse source 
Improved Content-Type check on incoming requests
This commit is contained in:
Hypolite Petovan 2024-03-21 11:58:08 +00:00 committed by GitHub
commit f26f35f009
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 36 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/Module/ActivityPub/Inbox.php
View file

@ -77,6 +77,11 @@ class Inbox extends BaseApi
throw new \Friendica\Network\HTTPException\BadRequestException(); throw new \Friendica\Network\HTTPException\BadRequestException();
} }
if (!HTTPSignature::isValidContentType($this->server['CONTENT_TYPE'] ?? '')) {
Logger::notice('Unexpected content type', ['content-type' => $this->server['CONTENT_TYPE'] ?? '', 'agent' => $this->server['HTTP_USER_AGENT'] ?? '']);
throw new \Friendica\Network\HTTPException\UnsupportedMediaTypeException();
}
if (DI::config()->get('debug', 'ap_inbox_log')) { if (DI::config()->get('debug', 'ap_inbox_log')) {
if (HTTPSignature::getSigner($postdata, $_SERVER)) { if (HTTPSignature::getSigner($postdata, $_SERVER)) {
$filename = 'signed-activitypub'; $filename = 'signed-activitypub';

15
src/Protocol/ActivityPub.php
View file

@ -95,16 +95,17 @@ class ActivityPub
public static function isRequest(): bool public static function isRequest(): bool
{ {
header('Vary: Accept', false); header('Vary: Accept', false);
if (stristr($_SERVER['HTTP_ACCEPT'] ?? '', 'application/activity+json') || stristr($_SERVER['HTTP_ACCEPT'] ?? '', 'application/ld+json')) {
$isrequest = stristr($_SERVER['HTTP_ACCEPT'] ?? '', 'application/activity+json') ||
stristr($_SERVER['HTTP_ACCEPT'] ?? '', 'application/json') ||
stristr($_SERVER['HTTP_ACCEPT'] ?? '', 'application/ld+json');
if ($isrequest) {
Logger::debug('Is AP request', ['accept' => $_SERVER['HTTP_ACCEPT'], 'agent' => $_SERVER['HTTP_USER_AGENT'] ?? '']); Logger::debug('Is AP request', ['accept' => $_SERVER['HTTP_ACCEPT'], 'agent' => $_SERVER['HTTP_USER_AGENT'] ?? '']);
return true;
} }
return $isrequest; if (stristr($_SERVER['HTTP_ACCEPT'] ?? '', 'application/json')) {
Logger::debug('Is JSON request', ['accept' => $_SERVER['HTTP_ACCEPT'], 'agent' => $_SERVER['HTTP_USER_AGENT'] ?? '']);
return true;
}
return false;
} }
private static function getAccountType(array $apcontact): int private static function getAccountType(array $apcontact): int