From 6ea48be84abdab66301a957c27dd5d84886dfb36 Mon Sep 17 00:00:00 2001 From: Julia Johannesen Date: Sun, 22 Sep 2024 17:13:24 -0400 Subject: [PATCH 1/4] Only accept HTML `` on success --- packages/backend/src/core/activitypub/ApRequestService.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/packages/backend/src/core/activitypub/ApRequestService.ts b/packages/backend/src/core/activitypub/ApRequestService.ts index 63871b38f9..ec06b4d9c1 100644 --- a/packages/backend/src/core/activitypub/ApRequestService.ts +++ b/packages/backend/src/core/activitypub/ApRequestService.ts @@ -207,7 +207,12 @@ export class ApRequestService { //#region リクエスト先がhtmlかつactivity+jsonへのalternate linkタグがあるとき const contentType = res.headers.get('content-type'); - if ((contentType ?? '').split(';')[0].trimEnd().toLowerCase() === 'text/html' && _followAlternate === true) { + if ( + res.status >= 200 + && res.status <= 299 + && (contentType ?? '').split(';')[0].trimEnd().toLowerCase() === 'text/html' + && _followAlternate === true + ) { const html = await res.text(); const window = new Window({ settings: { From b667a68bd4eb916084658592d2942d521950005b Mon Sep 17 00:00:00 2001 From: Julia Johannesen Date: Sun, 22 Sep 2024 18:35:29 -0400 Subject: [PATCH 2/4] Use `res.ok` instead of 200-299 --- packages/backend/src/core/activitypub/ApRequestService.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packages/backend/src/core/activitypub/ApRequestService.ts b/packages/backend/src/core/activitypub/ApRequestService.ts index ec06b4d9c1..533c8250e0 100644 --- a/packages/backend/src/core/activitypub/ApRequestService.ts +++ b/packages/backend/src/core/activitypub/ApRequestService.ts @@ -208,8 +208,7 @@ export class ApRequestService { const contentType = res.headers.get('content-type'); if ( - res.status >= 200 - && res.status <= 299 + res.ok && (contentType ?? '').split(';')[0].trimEnd().toLowerCase() === 'text/html' && _followAlternate === true ) { From 5b282924ea99438c886e7a8c999cbb78ee4d6103 Mon Sep 17 00:00:00 2001 From: Julia Johannesen Date: Sun, 22 Sep 2024 18:36:46 -0400 Subject: [PATCH 3/4] Add `DetachedWindowAPI.close` calls --- packages/backend/src/core/activitypub/ApRequestService.ts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/packages/backend/src/core/activitypub/ApRequestService.ts b/packages/backend/src/core/activitypub/ApRequestService.ts index 533c8250e0..8cf1f9066f 100644 --- a/packages/backend/src/core/activitypub/ApRequestService.ts +++ b/packages/backend/src/core/activitypub/ApRequestService.ts @@ -241,11 +241,16 @@ export class ApRequestService { if (alternate) { const href = alternate.getAttribute('href'); if (href) { + // Since this early exits, we need to call DetachedWindowAPI.close + await window.happyDOM.close(); + return await this.signedGet(href, user, false); } } } catch (e) { // something went wrong parsing the HTML, ignore the whole thing + } finally { + await window.happyDOM.close(); } } //#endregion From e4cbd588215e0860698214e2cc55713fa69d6458 Mon Sep 17 00:00:00 2001 From: Julia Johannesen Date: Sun, 22 Sep 2024 18:51:29 -0400 Subject: [PATCH 4/4] Remove superfluous `DetachedWindowAPI.close` call --- packages/backend/src/core/activitypub/ApRequestService.ts | 3 --- 1 file changed, 3 deletions(-) diff --git a/packages/backend/src/core/activitypub/ApRequestService.ts b/packages/backend/src/core/activitypub/ApRequestService.ts index 8cf1f9066f..0b9139db90 100644 --- a/packages/backend/src/core/activitypub/ApRequestService.ts +++ b/packages/backend/src/core/activitypub/ApRequestService.ts @@ -241,9 +241,6 @@ export class ApRequestService { if (alternate) { const href = alternate.getAttribute('href'); if (href) { - // Since this early exits, we need to call DetachedWindowAPI.close - await window.happyDOM.close(); - return await this.signedGet(href, user, false); } }