StaticFE: Prioritize json in requests.

This commit is contained in:
lain 2020-06-26 16:27:39 +02:00
parent 6db9f7cdb3
commit a5bbfa21a1
2 changed files with 21 additions and 4 deletions

View File

@ -9,7 +9,7 @@ defmodule Pleroma.Plugs.StaticFEPlug do
def init(options), do: options def init(options), do: options
def call(conn, _) do def call(conn, _) do
if enabled?() and accepts_html?(conn) do if enabled?() and requires_html?(conn) do
conn conn
|> StaticFEController.call(:show) |> StaticFEController.call(:show)
|> halt() |> halt()
@ -20,10 +20,13 @@ defmodule Pleroma.Plugs.StaticFEPlug do
defp enabled?, do: Pleroma.Config.get([:static_fe, :enabled], false) defp enabled?, do: Pleroma.Config.get([:static_fe, :enabled], false)
defp accepts_html?(conn) do defp requires_html?(conn) do
case get_req_header(conn, "accept") do case get_req_header(conn, "accept") do
[accept | _] -> String.contains?(accept, "text/html") [accept | _] ->
_ -> false !String.contains?(accept, "json") && String.contains?(accept, "text/html")
_ ->
false
end end
end end
end end

View File

@ -87,6 +87,20 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
assert html =~ "testing a thing!" assert html =~ "testing a thing!"
end end
test "redirects to json if requested", %{conn: conn, user: user} do
{:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
conn =
conn
|> put_req_header(
"accept",
"Accept: application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\", text/html"
)
|> get("/notice/#{activity.id}")
assert redirected_to(conn, 302) =~ activity.data["object"]
end
test "filters HTML tags", %{conn: conn} do test "filters HTML tags", %{conn: conn} do
user = insert(:user) user = insert(:user)
{:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"}) {:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"})