<?php
/**
- * @copyright Copyright (C) 2010-2022, the Friendica project
+ * @copyright Copyright (C) 2010-2023, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
{
protected function rawContent(array $request = [])
{
+ header('Vary: Accept', false);
+
// @TODO: Replace with parameter from router
if (DI::args()->getArgv()[0] == 'xrd') {
if (empty($_GET['uri'])) {
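Review bot: `header('Vary: Accept', false);` is added here at the top of rawContent and again after the new host check further down. Because the second argument is `false`, the later call appends a second `Vary: Accept` line instead of replacing the first. The call at the top runs before every return and throw visible in this diff, so the later one looks redundant and I would drop it, assuming nothing in the lines not shown resets headers. A short comment above the remaining call, such as `// The representation depends on the Accept header, so caches must key on it`, would record why it is set before any branching. The function body continues outside this hunk.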
if (substr($uri, 0, 4) === 'http') {
$name = ltrim(basename($uri), '~');
+ $host = parse_url($uri, PHP_URL_HOST);
} else {
$local = str_replace('acct:', '', $uri);
if (substr($local, 0, 2) == '//') {
$local = substr($local, 2);
}
- $name = substr($local, 0, strpos($local, '@'));
+ list($name, $host) = explode('@', $local);
+ }
+
+ if (!empty($host) && $host !== DI::baseUrl()->getHost()) {
+ DI::logger()->notice('Invalid host name for xrd query',['host' => $host, 'uri' => $uri]);
+ throw new NotFoundException('Invalid host name for xrd query: ' . $host);
}
+ header('Vary: Accept', false);
+
if ($name == User::getActorName()) {
$owner = User::getSystemAccount();
if (empty($owner)) {
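Review bot: The new host check is skipped whenever `$host` ends up empty, and both branches can produce that. `parse_url($uri, PHP_URL_HOST)` returns null or false when no host can be parsed, and `list($name, $host) = explode('@', $local);` leaves `$host` null (with an undefined-key warning) when the acct value has no `@`. In those cases the lookup continues on `$name` alone, so the guard only fires for well-formed foreign hosts. I would make the split explicit with `[$name, $host] = array_pad(explode('@', $local, 2), 2, '');` and decide deliberately whether an empty host in the `http` branch should be rejected rather than fall through. The `!==` comparison is also case-sensitive, so an equal but differently cased host name gets a 404; lowercasing both sides first would avoid that. rawContent starts and continues outside this hunk.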
private function printSystemJSON(array $owner)
{
- $baseURL = $this->baseUrl->get();
+ $baseURL = (string)$this->baseUrl;
$json = [
'subject' => 'acct:' . $owner['addr'],
'aliases' => [$owner['url']],
private function printJSON(string $alias, array $owner, array $avatar)
{
- $baseURL = $this->baseUrl->get();
+ $baseURL = (string)$this->baseUrl;
$json = [
'subject' => 'acct:' . $owner['addr'],
'type' => 'text/html',
'href' => $baseURL . '/hcard/' . $owner['nickname'],
],
- [
- 'rel' => ActivityNamespace::POCO,
- 'href' => $owner['poco'],
- ],
[
'rel' => 'http://webfinger.net/rel/avatar',
'type' => $avatar['type'],
private function printXML(string $alias, array $owner, array $avatar)
{
- $baseURL = $this->baseUrl->get();
-
- $xml = null;
+ $baseURL = (string)$this->baseUrl;
- XML::fromArray([
+ $xmlString = XML::fromArray([
'XRD' => [
'@attributes' => [
'xmlns' => 'http://docs.oasis-open.org/ns/xri/xrd-1.0',
]
],
'5:link' => [
- '@attributes' => [
- 'rel' => 'http://portablecontacts.net/spec/1.0',
- 'href' => $owner['poco']
- ]
- ],
- '6:link' => [
'@attributes' => [
'rel' => 'http://webfinger.net/rel/avatar',
'type' => $avatar['type'],
'href' => User::getAvatarUrl($owner)
]
],
- '7:link' => [
+ '6:link' => [
'@attributes' => [
'rel' => 'http://joindiaspora.com/seed_location',
'type' => 'text/html',
'href' => $baseURL
]
],
- '8:link' => [
+ '7:link' => [
'@attributes' => [
'rel' => 'salmon',
'href' => $baseURL . '/salmon/' . $owner['nickname']
]
],
- '9:link' => [
+ '8:link' => [
'@attributes' => [
'rel' => 'http://salmon-protocol.org/ns/salmon-replies',
'href' => $baseURL . '/salmon/' . $owner['nickname']
]
],
- '10:link' => [
+ '9:link' => [
'@attributes' => [
'rel' => 'http://salmon-protocol.org/ns/salmon-mention',
'href' => $baseURL . '/salmon/' . $owner['nickname'] . '/mention'
]
],
- '11:link' => [
+ '10:link' => [
'@attributes' => [
'rel' => 'http://ostatus.org/schema/1.0/subscribe',
'template' => $baseURL . '/contact/follow?url={uri}'
]
],
- '12:link' => [
+ '11:link' => [
'@attributes' => [
'rel' => 'magic-public-key',
'href' => 'data:application/magic-public-key,' . Salmon::salmonKey($owner['spubkey'])
]
],
- '13:link' => [
+ '12:link' => [
'@attributes' => [
'rel' => 'http://purl.org/openwebauth/v1',
'type' => 'application/x-zot+json',
]
],
],
- ], $xml);
+ ]);
header('Access-Control-Allow-Origin: *');
-
- System::httpExit($xml->saveXML(), Response::TYPE_XML, 'application/xrd+xml');
+ System::httpExit($xmlString, Response::TYPE_XML, 'application/xrd+xml');
}
}