diff options
| author | Haelwenn <contact+git.pleroma.social@hacktivis.me> | 2020-07-07 00:04:24 +0000 |
|---|---|---|
| committer | Haelwenn <contact+git.pleroma.social@hacktivis.me> | 2020-07-07 00:04:24 +0000 |
| commit | 2a323d37971d364fefd46e840424c631cc4a7d2b (patch) | |
| tree | 86a5cc0ad9afb6158d18ef6c4200a7c6e147b1da | |
| parent | 69f0b286f7b3e0518ac7ae54dfb06539dc179698 (diff) | |
| parent | 158c26d7ddb3c77dc99a6298114929faf6a2915a (diff) | |
| download | pleroma-2a323d37971d364fefd46e840424c631cc4a7d2b.tar.gz | |
Merge branch '1507-static-fe-prioritize-json' into 'develop'
StaticFE: Prioritize json in requests.
Closes #1507
See merge request pleroma/pleroma!2695
| -rw-r--r-- | lib/pleroma/plugs/static_fe_plug.ex | 9 | ||||
| -rw-r--r-- | test/web/static_fe/static_fe_controller_test.exs | 14 |
2 files changed, 17 insertions, 6 deletions
diff --git a/lib/pleroma/plugs/static_fe_plug.ex b/lib/pleroma/plugs/static_fe_plug.ex index 156e6788e..143665c71 100644 --- a/lib/pleroma/plugs/static_fe_plug.ex +++ b/lib/pleroma/plugs/static_fe_plug.ex @@ -9,7 +9,7 @@ defmodule Pleroma.Plugs.StaticFEPlug do def init(options), do: options def call(conn, _) do - if enabled?() and accepts_html?(conn) do + if enabled?() and requires_html?(conn) do conn |> StaticFEController.call(:show) |> halt() @@ -20,10 +20,7 @@ defmodule Pleroma.Plugs.StaticFEPlug do defp enabled?, do: Pleroma.Config.get([:static_fe, :enabled], false) - defp accepts_html?(conn) do - case get_req_header(conn, "accept") do - [accept | _] -> String.contains?(accept, "text/html") - _ -> false - end + defp requires_html?(conn) do + Phoenix.Controller.get_format(conn) == "html" end end diff --git a/test/web/static_fe/static_fe_controller_test.exs b/test/web/static_fe/static_fe_controller_test.exs index a49ab002f..1598bf675 100644 --- a/test/web/static_fe/static_fe_controller_test.exs +++ b/test/web/static_fe/static_fe_controller_test.exs @@ -87,6 +87,20 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do assert html =~ "testing a thing!" end + test "redirects to json if requested", %{conn: conn, user: user} do + {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"}) + + conn = + conn + |> put_req_header( + "accept", + "Accept: application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\", text/html" + ) + |> get("/notice/#{activity.id}") + + assert redirected_to(conn, 302) =~ activity.data["object"] + end + test "filters HTML tags", %{conn: conn} do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"}) |