diff options
| author | Hazelnoot <acomputerdog@gmail.com> | 2025-02-10 16:22:20 +0000 |
|---|---|---|
| committer | Hazelnoot <acomputerdog@gmail.com> | 2025-02-10 16:22:20 +0000 |
| commit | 2f84d151f54834ccfaee45b4a2e62dc7ee056007 (patch) | |
| tree | d82c0ff4ff968cc95f61975e4655c2d6e36c5568 /packages/backend/src/core | |
| parent | merge: hide note preview if it's already quoted - fixes #888 (!894) (diff) | |
| parent | allow ap/show to follow cross-domain redirects (diff) | |
| download | sharkey-2f84d151f54834ccfaee45b4a2e62dc7ee056007.tar.gz sharkey-2f84d151f54834ccfaee45b4a2e62dc7ee056007.tar.bz2 sharkey-2f84d151f54834ccfaee45b4a2e62dc7ee056007.zip | |
merge: Allow user-initiated object lookups (/ap/show endpoint) to follow cross-domain redirects (resolves #820) (!878)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/878
Closes #820
Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
Diffstat (limited to 'packages/backend/src/core')
| -rw-r--r-- | packages/backend/src/core/activitypub/ApRequestService.ts | 15 | ||||
| -rw-r--r-- | packages/backend/src/core/activitypub/type.ts | 11 |
2 files changed, 22 insertions, 4 deletions
diff --git a/packages/backend/src/core/activitypub/ApRequestService.ts b/packages/backend/src/core/activitypub/ApRequestService.ts index 8036c9638f..aca322e745 100644 --- a/packages/backend/src/core/activitypub/ApRequestService.ts +++ b/packages/backend/src/core/activitypub/ApRequestService.ts @@ -185,7 +185,7 @@ export class ApRequestService { * @param url URL to fetch */ @bindThis - public async signedGet(url: string, user: { id: MiUser['id'] }, followAlternate?: boolean): Promise<unknown> { + public async signedGet(url: string, user: { id: MiUser['id'] }, followAlternate?: boolean): Promise<object> { const _followAlternate = followAlternate ?? true; const keypair = await this.userKeypairService.getUserKeypair(user.id); @@ -239,7 +239,18 @@ export class ApRequestService { try { document.documentElement.innerHTML = html; - const alternate = document.querySelector('head > link[rel="alternate"][type="application/activity+json"]'); + // Search for any matching value in priority order: + // 1. Type=AP > Type=none > Type=anything + // 2. Alternate > Canonical + // 3. Page order (fallback) + const alternate = + document.querySelector('head > link[href][rel="alternate"][type="application/activity+json"]') ?? + document.querySelector('head > link[href][rel="canonical"][type="application/activity+json"]') ?? + document.querySelector('head > link[href][rel="alternate"]:not([type])') ?? + document.querySelector('head > link[href][rel="canonical"]:not([type])') ?? + document.querySelector('head > link[href][rel="alternate"]') ?? + document.querySelector('head > link[href][rel="canonical"]'); + if (alternate) { const href = alternate.getAttribute('href'); if (href) { diff --git a/packages/backend/src/core/activitypub/type.ts b/packages/backend/src/core/activitypub/type.ts index 119a9d8ccb..08bd224700 100644 --- a/packages/backend/src/core/activitypub/type.ts +++ b/packages/backend/src/core/activitypub/type.ts @@ -57,9 +57,16 @@ export function getOneApId(value: ApObject): string { } /** + * Minimal AP payload - just an object with optional ID. + */ +export interface ObjectWithId { + id?: string; +} + +/** * Get ActivityStreams Object id */ -export function getApId(value: string | IObject | [string | IObject]): string { +export function getApId(value: string | ObjectWithId | [string | ObjectWithId]): string { // eslint-disable-next-line no-param-reassign value = fromTuple(value); @@ -71,7 +78,7 @@ export function getApId(value: string | IObject | [string | IObject]): string { /** * Get ActivityStreams Object id, or null if not present */ -export function getNullableApId(value: string | IObject | [string | IObject]): string | null { +export function getNullableApId(value: string | ObjectWithId | [string | ObjectWithId]): string | null { // eslint-disable-next-line no-param-reassign value = fromTuple(value); |