Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-03-05 03:51:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #14001, regression from adjusted acceptable types list

Browse Source
This commit is contained in:
Julian Lam
2026-02-18 11:14:16 -05:00
parent 9fbdc79202
commit 80f6102224
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/activitypub/helpers.js
View File

@@ -66,8 +66,15 @@ Helpers.isUri = (value) => {
}; };
Helpers.assertAccept = (accept) => { Helpers.assertAccept = (accept) => {
if (!accept) return false; if (!accept) {
const normalized = accept.split(',').map(s => s.trim().replace(/\s*;\s*/g, ';')).join(','); return false;
}
const normalized = accept
.split(',')
.map(s => s.trim().replace(/\s*;\s*/g, ';')) // spec allows spaces around semi-colon
.join(',');
return activitypub._constants.acceptableTypes.some(type => normalized.includes(type)); return activitypub._constants.acceptableTypes.some(type => normalized.includes(type));
}; };

7
src/middleware/activitypub.js
View File

@@ -19,11 +19,16 @@ middleware.pageview = async (req, res, next) => {
middleware.assertS2S = async function (req, res, next) { middleware.assertS2S = async function (req, res, next) {
// For whatever reason, express accepts does not recognize "profile" as a valid differentiator // For whatever reason, express accepts does not recognize "profile" as a valid differentiator
// Therefore, manual header parsing is used here. // Therefore, manual header parsing is used here.
const { accept, 'content-type': contentType } = req.headers; let { accept, 'content-type': contentType } = req.headers;
if (!(accept || contentType)) { if (!(accept || contentType)) {
return next('route'); return next('route');
} }
// Normalize content-type
if (contentType) {
contentType = contentType.trim().replace(/\s*;\s*/g, ';'); // spec allows spaces around semi-colon
}
const pass = activitypub.helpers.assertAccept(accept) || const pass = activitypub.helpers.assertAccept(accept) ||
(contentType && activitypub._constants.acceptableTypes.includes(contentType)); (contentType && activitypub._constants.acceptableTypes.includes(contentType));