Allow JSON-LD documents with multiple profiles

glitch-soc/security/915cd36ac11fc9d6fd221d68ed5b0749b88c734
Claire 2024-02-09 18:24:26 +01:00
parent 58455b8bd9
commit 185ecec0df
1 changed files with 5 additions and 1 deletions

View File

@ -183,7 +183,11 @@ module JsonLdHelper
# When the mime type is `application/ld+json`, we need to check the profile, # When the mime type is `application/ld+json`, we need to check the profile,
# but `http.rb` does not parse it for us. # but `http.rb` does not parse it for us.
response.mime_type == 'application/ld+json' && response.headers[HTTP::Headers::CONTENT_TYPE]&.split(';')&.map(&:strip)&.include?('profile="https://www.w3.org/ns/activitystreams"') return false unless response.mime_type == 'application/ld+json'
response.headers[HTTP::Headers::CONTENT_TYPE]&.split(';')&.map(&:strip)&.any? do |str|
str.start_with?('profile="') && str[9...-1].split.include?('https://www.w3.org/ns/activitystreams')
end
end end
def body_to_json(body, compare_id: nil) def body_to_json(body, compare_id: nil)