From b3978cf4183297590cb992cd9684484c7f94b279 Mon Sep 17 00:00:00 2001
From: Felix Ableitner <me@nutomic.com>
Date: Thu, 7 Mar 2024 15:49:33 +0100
Subject: [PATCH] content-type

---
 src/fetch/mod.rs | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/fetch/mod.rs b/src/fetch/mod.rs
index 07a6002..a6403f4 100644
--- a/src/fetch/mod.rs
+++ b/src/fetch/mod.rs
@@ -57,11 +57,15 @@ pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
     static ALT_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(
         r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#,
     );
+    static ALT_CONTENT_TYPE_MASTODON: HeaderValue = HeaderValue::from_static(
+        r#"application/activity+json; charset=utf-8"#,
+    );
     let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?;
 
     // Ensure correct content-type to prevent vulnerabilities.
     if res.content_type.as_ref() != Some(&CONTENT_TYPE)
         && res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE)
+        && res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE_MASTODON)
     {
         return Err(Error::FetchInvalidContentType(res.url));
     }