From e2cff0340f9353c7e311e1f94d79e2f5020a63cd Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Sat, 17 Feb 2024 16:11:23 +0100
Subject: [PATCH] [backend] When fetching activities, specify the acceptable
 JSON-LD profile explicitly

---
 packages/backend/src/misc/fetch.ts                    | 5 +++--
 packages/backend/src/remote/activitypub/ap-request.ts | 2 +-
 packages/backend/src/remote/activitypub/request.ts    | 5 ++++-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/packages/backend/src/misc/fetch.ts b/packages/backend/src/misc/fetch.ts
index c6e0054f6..25dff6533 100644
--- a/packages/backend/src/misc/fetch.ts
+++ b/packages/backend/src/misc/fetch.ts
@@ -30,7 +30,7 @@ export async function getJson(
 
 export async function getJsonActivity(
 	url: string,
-	accept = "application/activity+json, application/ld+json",
+	accept = "application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
 	timeout = 10000,
 	headers?: Record<string, string>,
 ) {
@@ -50,8 +50,9 @@ export async function getJsonActivity(
 	const contentType = res.headers.get('content-type');
 	if (contentType == null ||
 		(contentType !== 'application/activity+json' && !contentType.startsWith('application/activity+json;') &&
-		(!contentType.startsWith('application/ld+json;') || !contentType.includes('profile="https://www.w3.org/ns/activitystreams"'))))
+		(!contentType.startsWith('application/ld+json;') || !contentType.includes('profile="https://www.w3.org/ns/activitystreams"')))) {
 		throw new Error(`getJsonActivity response had unexpected content-type: ${contentType}`);
+	}
 
 	return {
 		finalUrl: res.url,
diff --git a/packages/backend/src/remote/activitypub/ap-request.ts b/packages/backend/src/remote/activitypub/ap-request.ts
index d5a9ec053..267092958 100644
--- a/packages/backend/src/remote/activitypub/ap-request.ts
+++ b/packages/backend/src/remote/activitypub/ap-request.ts
@@ -65,7 +65,7 @@ export function createSignedGet(args: {
 		method: "GET",
 		headers: objectAssignWithLcKey(
 			{
-				Accept: "application/activity+json, application/ld+json",
+				Accept: "application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
 				Date: new Date().toUTCString(),
 				Host: new URL(args.url).hostname,
 			},
diff --git a/packages/backend/src/remote/activitypub/request.ts b/packages/backend/src/remote/activitypub/request.ts
index b5d089a92..e4aa190d3 100644
--- a/packages/backend/src/remote/activitypub/request.ts
+++ b/packages/backend/src/remote/activitypub/request.ts
@@ -66,8 +66,11 @@ export async function signedGet(url: string, user: { id: User["id"] }, redirects
 	}
 
 	const contentType = res.headers.get('content-type');
-	if (contentType == null || (contentType !== 'application/activity+json' && !contentType.startsWith('application/activity+json;') && contentType !== 'application/ld+json' && !contentType.startsWith('application/ld+json;')))
+	if (contentType == null ||
+		(contentType !== 'application/activity+json' && !contentType.startsWith('application/activity+json;') &&
+			(!contentType.startsWith('application/ld+json;') || !contentType.includes('profile="https://www.w3.org/ns/activitystreams"')))) {
 		throw new Error(`signedGet response had unexpected content-type: ${contentType}`);
+	}
 
 	return {
 		finalUrl: res.url,