Event-Federation/wordpress-activitypub
Event-Federation/wordpress-activitypub
7
1
Fork 0
Code Issues 3 Pull requests Projects Releases Wiki Activity Actions

Add secure mode to content negotiated requests

Browse source
This commit is contained in:
Django Doucet 2023-05-05 14:40:30 -06:00
parent 9202c19730
commit 3d4ae84573
1 changed files with 12 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
includes/class-activitypub.php
View file

@ -1,6 +1,8 @@
<?php
namespace Activitypub;
use Activitypub\Signature;
/**
* ActivityPub Class
*
@ -66,23 +68,24 @@ class Activitypub {
}
$accept_header = $_SERVER['HTTP_ACCEPT'];
if (
\stristr( $accept_header, 'application/activity+json' ) ||
\stristr( $accept_header, 'application/ld+json' )
) {
return $json_template;
}
// Accept header as an array.
$accept = \explode( ',', \trim( $accept_header ) );
if (
\stristr( $accept_header, 'application/activity+json' ) ||
\stristr( $accept_header, 'application/ld+json' ) ||
\in_array( 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"', $accept, true ) ||
\in_array( 'application/activity+json', $accept, true ) ||
\in_array( 'application/ld+json', $accept, true ) ||
\in_array( 'application/json', $accept, true )
) {
$secure_mode = \get_option( 'activitypub_use_secure_mode', '0' );
if ( $secure_mode ) {
$verification = Signature::verify_http_signature( $_SERVER );
if ( \is_wp_error( $verification ) ) {
// fallback as template_loader can't return http headers
return $template;
}
}
return $json_template;
}