StaticFE: Prioritize json in requests.
parent
6db9f7cdb3
commit
a5bbfa21a1
@ -9,7 +9,7 @@ defmodule Pleroma.Plugs.StaticFEPlug do
|
|||||||
def init(options), do: options
|
def init(options), do: options
|
||||||
|
|
||||||
def call(conn, _) do
|
def call(conn, _) do
|
||||||
if enabled?() and accepts_html?(conn) do
|
if enabled?() and requires_html?(conn) do
|
||||||
conn
|
conn
|
||||||
|> StaticFEController.call(:show)
|
|> StaticFEController.call(:show)
|
||||||
|> halt()
|
|> halt()
|
||||||
@ -20,10 +20,13 @@ defmodule Pleroma.Plugs.StaticFEPlug do
|
|||||||
|
|
||||||
defp enabled?, do: Pleroma.Config.get([:static_fe, :enabled], false)
|
defp enabled?, do: Pleroma.Config.get([:static_fe, :enabled], false)
|
||||||
|
|
||||||
defp accepts_html?(conn) do
|
defp requires_html?(conn) do
|
||||||
case get_req_header(conn, "accept") do
|
case get_req_header(conn, "accept") do
|
||||||
[accept | _] -> String.contains?(accept, "text/html")
|
[accept | _] ->
|
||||||
_ -> false
|
!String.contains?(accept, "json") && String.contains?(accept, "text/html")
|
||||||
|
|
||||||
|
_ ->
|
||||||
|
false
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
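Review bot: In `requires_html?/1` the new clause decides by plain substring match on the first Accept value only, so any value containing `json` anywhere skips the static frontend, whatever its q-weight. Media types are case-insensitive but the value is compared as sent, so `Text/HTML` or `application/JSON` would be misclassified. Normalising first with `accept = String.downcase(accept)` would close that gap. Since both operands are booleans, `not String.contains?(accept, "json") and String.contains?(accept, "text/html")` would also match the `and` already used in `call/2`. A short comment above the function, such as `# JSON takes priority: clients that list a JSON type alongside text/html get the JSON representation, not the static page`, would record why the order matters.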
@ -87,6 +87,20 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
|
|||||||
assert html =~ "testing a thing!"
|
assert html =~ "testing a thing!"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "redirects to json if requested", %{conn: conn, user: user} do
|
||||||
|
{:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header(
|
||||||
|
"accept",
|
||||||
|
"Accept: application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\", text/html"
|
||||||
|
)
|
||||||
|
|> get("/notice/#{activity.id}")
|
||||||
|
|
||||||
|
assert redirected_to(conn, 302) =~ activity.data["object"]
|
||||||
|
end
|
||||||
|
|
||||||
test "filters HTML tags", %{conn: conn} do
|
test "filters HTML tags", %{conn: conn} do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
{:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"})
|
{:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"})
|
||||||
|
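Review bot: The header value passed to `put_req_header/3` in the new test begins with the literal text `Accept: `, so the request carries the value `Accept: application/activity+json, …` rather than a valid media-type list. The test appears to pass only because the plug matches substrings. Drop the prefix so the value starts at `application/activity+json, application/ld+json; …`. A companion case with a plain `text/html` Accept header asserting that the static page is still rendered would pin both sides of the rule, unless one already exists outside this hunk.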