From 099ba9ce65486d176ff6c7a2f22a137046834037 Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Sat, 17 Feb 2024 15:55:48 +0100
Subject: [PATCH] [backend] Enforce JSON-LD profile when fetching activities

---
 packages/backend/src/misc/fetch.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/backend/src/misc/fetch.ts b/packages/backend/src/misc/fetch.ts
index 46379af1a..c6e0054f6 100644
--- a/packages/backend/src/misc/fetch.ts
+++ b/packages/backend/src/misc/fetch.ts
@@ -48,7 +48,9 @@ export async function getJsonActivity(
 	});
 
 	const contentType = res.headers.get('content-type');
-	if (contentType == null || (contentType !== 'application/activity+json' && !contentType.startsWith('application/activity+json;') && contentType !== 'application/ld+json' && !contentType.startsWith('application/ld+json;')))
+	if (contentType == null ||
+		(contentType !== 'application/activity+json' && !contentType.startsWith('application/activity+json;') &&
+		(!contentType.startsWith('application/ld+json;') || !contentType.includes('profile="https://www.w3.org/ns/activitystreams"'))))
 		throw new Error(`getJsonActivity response had unexpected content-type: ${contentType}`);
 
 	return {