merge: Only accept HTML `<link rel="alternate">` on successful HTTP statuses (!633)

View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/633

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Tess K <me@thvxl.se>
Approved-by: fEmber <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>

1 files changed, 7 insertions, 1 deletions

diff --git a/packages/backend/src/core/activitypub/ApRequestService.ts b/packages/backend/src/core/activitypub/ApRequestService.ts
index 63871b38f9..0b9139db90 100644
--- a/packages/backend/src/core/activitypub/ApRequestService.ts
+++ b/packages/backend/src/core/activitypub/ApRequestService.ts
@@ -207,7 +207,11 @@ export class ApRequestService {
 		//#region リクエスト先がhtmlかつactivity+jsonへのalternate linkタグがあるとき
 		const contentType = res.headers.get('content-type');
 
-		if ((contentType ?? '').split(';')[0].trimEnd().toLowerCase() === 'text/html' && _followAlternate === true) {
+		if (
+			res.ok
+			&& (contentType ?? '').split(';')[0].trimEnd().toLowerCase() === 'text/html'
+			&& _followAlternate === true
+		) {
 			const html = await res.text();
 			const window = new Window({
 				settings: {
@@ -242,6 +246,8 @@ export class ApRequestService {
 				}
 			} catch (e) {
 				// something went wrong parsing the HTML, ignore the whole thing
+			} finally {
+				await window.happyDOM.close();
 			}
 		}
 		//#endregion