From 226d850836d56d2b93b970b51bb868b9f2fd1b0a Mon Sep 17 00:00:00 2001
From: Felix Ableitner
Date: Thu, 2 May 2024 13:31:07 +0200
Subject: [PATCH 1/4] Make response content-type check case insensitive
For wordpress compat
---
 src/fetch/mod.rs | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/src/fetch/mod.rs b/src/fetch/mod.rs
index 4d563b6..45b2a31 100644
--- a/src/fetch/mod.rs
+++ b/src/fetch/mod.rs
@@ -54,17 +54,20 @@ pub async fn fetch_object_http(
 data: &Data,
 ) -> Result, Error> {
 static CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
- static ALT_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(
- r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#,
- );
- static ALT_CONTENT_TYPE_MASTODON: HeaderValue =
- HeaderValue::from_static(r#"application/activity+json; charset=utf-8"#);
+ static ALT_CONTENT_TYPE: &str = r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#;
+ static ALT_CONTENT_TYPE_MASTODON: &str = r#"application/activity+json; charset=utf-8"#;
 let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?;
- // Ensure correct content-type to prevent vulnerabilities.
- if res.content_type.as_ref() != Some(&CONTENT_TYPE)
- && res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE)
- && res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE_MASTODON)
+ // Ensure correct content-type to prevent vulnerabilities, with case insensitive comparison.
+ let content_type = res
+ .content_type
+ .as_ref()
+ .and_then(|c| c.to_str().map(str::to_lowercase).ok());
+ let content_type = content_type.as_deref();
+ if content_type != Some(FEDERATION_CONTENT_TYPE)
+ && content_type != Some(ALT_CONTENT_TYPE)
+ && content_type != Some(ALT_CONTENT_TYPE_MASTODON)
 {
 return Err(Error::FetchInvalidContentType(res.url));
 }
From c8b48371e09054d0a2672084c734eb124e3bea27 Mon Sep 17 00:00:00 2001
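Review bot: `str::to_lowercase` in the `.and_then(|c| c.to_str().map(str::to_lowercase).ok())` line performs Unicode case mapping and allocates a `String`, whereas HTTP media-type tokens are only ASCII-case-insensitive; `to_ascii_lowercase` states that intent directly next to a header comparison: `.and_then(|c| c.to_str().map(str::to_ascii_lowercase).ok());`. Since `HeaderValue::to_str()` only succeeds for visible-ASCII values, the observable result should be the same, so this is a point of clarity rather than a behavioural bug. The rewritten comment could also say what the check protects against rather than only "vulnerabilities", e.g. `// Reject responses that do not declare an ActivityPub media type; presumably the body is only parsed as an object once the server has labelled it as one.` The enclosing `fetch_object_http` starts before this hunk and continues after it.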
From: Felix Ableitner
Date: Fri, 3 May 2024 00:23:38 +0200
Subject: [PATCH 2/4] cleaner
---
 src/fetch/mod.rs | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/fetch/mod.rs b/src/fetch/mod.rs
index 45b2a31..494d69e 100644
--- a/src/fetch/mod.rs
+++ b/src/fetch/mod.rs
@@ -53,22 +53,22 @@ pub async fn fetch_object_http(
 url: &Url,
 data: &Data,
 ) -> Result, Error> {
- static CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
- static ALT_CONTENT_TYPE: &str =
- r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#;
- static ALT_CONTENT_TYPE_MASTODON: &str = r#"application/activity+json; charset=utf-8"#;
- let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?;
+ static FETCH_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
+ const VALID_RESPONSE_CONTENT_TYPES: [&str; 3] = [
+ FEDERATION_CONTENT_TYPE, // lemmy
+ r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#, // activitypub standard
+ r#"application/activity+json; charset=utf-8"#, // mastodon
+ ];
+ let res = fetch_object_http_with_accept(url, data, &FETCH_CONTENT_TYPE).await?;
 // Ensure correct content-type to prevent vulnerabilities, with case insensitive comparison.
 let content_type = res
 .content_type
 .as_ref()
- .and_then(|c| c.to_str().map(str::to_lowercase).ok());
- let content_type = content_type.as_deref();
- if content_type != Some(FEDERATION_CONTENT_TYPE)
- && content_type != Some(ALT_CONTENT_TYPE)
- && content_type != Some(ALT_CONTENT_TYPE_MASTODON)
- {
+ .map(|c| c.to_str().ok())
+ .flatten()
+ .ok_or(Error::FetchInvalidContentType(res.url.clone()))?;
+ if !VALID_RESPONSE_CONTENT_TYPES.contains(&content_type) {
 return Err(Error::FetchInvalidContentType(res.url));
 }
From dc1e5c995ad3e2368be5b8ba0d8e38936770d4f9 Mon Sep 17 00:00:00 2001
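Review bot: The content-type check is case-sensitive again after this hunk: `.map(|c| c.to_str().ok()).flatten()` keeps the header value verbatim and `VALID_RESPONSE_CONTENT_TYPES.contains(&content_type)` is an exact string match, so the lowercasing that `[PATCH 1/4]` introduced is gone while the retained comment still promises `with case insensitive comparison` and the series title is "Make response content-type check case insensitive". The same exact `contains` survives unchanged in the `[PATCH 3/4]` hunk. Compare ASCII-case-insensitively instead: `if !VALID_RESPONSE_CONTENT_TYPES.iter().any(|t| t.eq_ignore_ascii_case(content_type)) {`. Separately, `.ok_or(Error::FetchInvalidContentType(res.url.clone()))` clones the URL on every call including the success path; `.ok_or_else(|| Error::FetchInvalidContentType(res.url.clone()))` only pays on failure. `fetch_object_http` starts before this hunk and continues after it.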
From: Felix Ableitner
Date: Fri, 3 May 2024 00:26:02 +0200
Subject: [PATCH 3/4] clippy
---
 src/fetch/mod.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/fetch/mod.rs b/src/fetch/mod.rs
index 494d69e..67165a9 100644
--- a/src/fetch/mod.rs
+++ b/src/fetch/mod.rs
@@ -65,8 +65,7 @@ pub async fn fetch_object_http(
 let content_type = res
 .content_type
 .as_ref()
- .map(|c| c.to_str().ok())
- .flatten()
+ .and_then(|c| c.to_str().ok())
 .ok_or(Error::FetchInvalidContentType(res.url.clone()))?;
 if !VALID_RESPONSE_CONTENT_TYPES.contains(&content_type) {
 return Err(Error::FetchInvalidContentType(res.url));
From 87c29060589dc50bc34a1e1af9cf4087485a0cb2 Mon Sep 17 00:00:00 2001
From: Felix Ableitner
Date: Fri, 3 May 2024 00:30:10 +0200
Subject: [PATCH 4/4] fmt
---
 src/fetch/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fetch/mod.rs b/src/fetch/mod.rs
index 67165a9..3e2cadf 100644
--- a/src/fetch/mod.rs
+++ b/src/fetch/mod.rs
@@ -55,7 +55,7 @@ pub async fn fetch_object_http(
 ) -> Result, Error> {
 static FETCH_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
 const VALID_RESPONSE_CONTENT_TYPES: [&str; 3] = [
- FEDERATION_CONTENT_TYPE, // lemmy
+ FEDERATION_CONTENT_TYPE, // lemmy
 r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#, // activitypub standard
 r#"application/activity+json; charset=utf-8"#, // mastodon
 ];