Make response content-type check case insensitive (#111)

* Make response content-type check case insensitive

For wordpress compat

* cleaner

* clippy

* fmt

* fmt

src/fetch/mod.rs

@@ -53,19 +53,21 @@ pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
     url: &Url,
     data: &Data<T>,
 ) -> Result<FetchObjectResponse<Kind>, Error> {
-    static CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
+    static FETCH_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(FEDERATION_CONTENT_TYPE);
-    static ALT_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(
+    const VALID_RESPONSE_CONTENT_TYPES: [&str; 3] = [
-        r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#,
+        FEDERATION_CONTENT_TYPE, // lemmy
-    );
+        r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#, // activitypub standard
-    static ALT_CONTENT_TYPE_MASTODON: HeaderValue =
+        r#"application/activity+json; charset=utf-8"#,                             // mastodon
-        HeaderValue::from_static(r#"application/activity+json; charset=utf-8"#);
+    ];
-    let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?;
+    let res = fetch_object_http_with_accept(url, data, &FETCH_CONTENT_TYPE).await?;
 
-    // Ensure correct content-type to prevent vulnerabilities.
+    // Ensure correct content-type to prevent vulnerabilities, with case insensitive comparison.
-    if res.content_type.as_ref() != Some(&CONTENT_TYPE)
+    let content_type = res
-        && res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE)
+        .content_type
-        && res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE_MASTODON)
+        .as_ref()
-    {
+        .and_then(|c| c.to_str().ok())
+        .ok_or(Error::FetchInvalidContentType(res.url.clone()))?;
+    if !VALID_RESPONSE_CONTENT_TYPES.contains(&content_type) {
         return Err(Error::FetchInvalidContentType(res.url));
     }