[Bug]: Docker nginx.conf Accept header handling incorrect when passing in multiple types

[fishcharlie]

Requirements

• [X] Is this a bug report? For questions or discussions use https://lemmy.ml/c/lemmy_support
• [X] Did you check to see if this issue already exists?
• [X] Is this only a single bug? Do not put multiple bugs in one issue.
• [X] Do you agree to follow the rules in our Code of Conduct?
• [X] Is this a backend issue? Use the lemmy-ui repo for UI / frontend issues.

Summary

I think that the nginx.conf file included with Lemmy doesn't handle the Accept header properly. If you have multiple options, it doesn't pick the preferred option. There should be no functional difference between Accept: application/activity+json & Accept: application/activity+json, application/ld+json, but it seems like there is.

I could be totally wrong about this. But it seems like when there are multiple accepted types passed into the header it doesn't handle that properly.

Steps to Reproduce

1. Create a docker-compose based Lemmy instance (ensure you are using this as your nginx.conf: https://github.com/LemmyNet/lemmy/blob/main/docker/nginx.conf)
2. Make a request to a community on that with a header of Accept: application/activity+json (notice that response returns JSON)
   • Example: curl https://eventfrontier.com/c/travel -H "Accept: application/activity+json"
3. Make same request with header of Accept: application/activity+json, application/ld+json (notice that response returns HTML)
   • Example: curl https://eventfrontier.com/c/travel -H "Accept: application/activity+json, application/ld+json"

I expect steps 2 & 3 to return the same result.

Technical Details

Logs:

proxy-1 | 2024-10-19T20:17:13.082095893Z 172.31.0.1 - - [19/Oct/2024:20:17:13 +0000] "GET /c/travel HTTP/1.1" 200 1074 "-" "curl/8.7.1" proxy-1 | 2024-10-19T20:17:27.367621427Z 172.31.0.1 - - [19/Oct/2024:20:17:27 +0000] "GET /c/travel HTTP/1.1" 200 13430 "-" "curl/8.7.1"

OS: Ubuntu 22.04.5 LTS Browser Console Errors: Not relevant since I'm making requests directly using curl

Version

BE: 0.19.4

Lemmy Instance URL

eventfrontier.com

[fishcharlie]

I think possibly using regex here to match against headers might work. Something like this maybe??

if ($http_accept ~* "application/activity\+json") {
    set $proxpass "http://lemmy";
}
if ($http_accept ~* "application/ld\+json;\s*profile=\"https://www.w3.org/ns/activitystreams\"") {
    set $proxpass "http://lemmy";
}

However, while that would fix this specific issue, it isn't the best option since technically a client could send Accept: text/html, application/activity+json and that would return application/activity+json even tho text/html is preferred.

I'm not sure if nginx has a better way to handle this.

[Nothing4You]

You're using incorrect nginx configuration.

The file located in the docker folder in this repository is not meant for production.

Considering that you don't seem to be using the ansible or docker setup, you should be following the instructions over at https://join-lemmy.org/docs/administration/from_scratch.html.

If you test the same headers against lemmy.ml you'll see that it's working fine there.

[dessalines]

Here's the file to look at: https://github.com/LemmyNet/lemmy-ansible/blob/main/templates/nginx_internal.conf

[fishcharlie]

@Nothing4You I forgot to reply. It seems like I got this fixed. Thanks so much for your help. And thank you @dessalines.

[dessalines]

No probs!