[bugfix] add stricter checks during all stages of dereferencing remote AS objects (#2639)

* add stricter checks during all stages of dereferencing remote AS objects

* a comment
kim 2024-02-14 11:13:38 +00:00 committed by tobi
commit b9013a8ab3
15 changed files with 351 additions and 167 deletions


@ -64,9 +64,16 @@ func (t *transport) Dereference(ctx context.Context, iri *url.URL) ([]byte, erro
}
defer rsp.Body.Close()
// Ensure a non-error status response.
if rsp.StatusCode != http.StatusOK {
return nil, gtserror.NewFromResponse(rsp)
}
// Ensure that the incoming request content-type is expected.
if ct := rsp.Header.Get("Content-Type"); !apiutil.ASContentType(ct) {
err := gtserror.Newf("non activity streams response: %s", ct)
return nil, gtserror.SetMalformed(err)
}
return io.ReadAll(rsp.Body)
}
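Review bot: The rejected Content-Type value is chosen by the remote server and is interpolated with `%s` into the error text in the new content-type check. Using `%q` keeps control characters and embedded newlines from reaching whatever logs or displays this error, and makes an empty header visible: `err := gtserror.Newf("non activity streams response: %q", ct)`. The comment above the check says "incoming request content-type", but the value read is the response header, so `// Ensure that the response content-type is expected.` would be accurate. Separately, `io.ReadAll(rsp.Body)` reads the whole remote body; whether a size cap is applied by the client that produced `rsp` is not visible in this hunk and is worth confirming, since the status and header checks do not bound the payload. Dereference starts above the hunk, so the request construction is not reviewed here.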