superseriousbusiness / gotosocial

Fast, fun, small ActivityPub server.
https://docs.gotosocial.org
GNU Affero General Public License v3.0

[bug] Inclusion of invalid JSON-LD @context entries #1947

Open erincandescent opened 1 year ago

erincandescent commented 1 year ago

The @context array in JSON-LD may contain two things:

GoToSocial includes "http://joinmastodon.org/ns" (and "http://schema.org"?). Neither serves a JSON-LD document, so they shouldn't be included:

$ curl -H "Accept: application/ld+json" http://joinmastodon.org/ns -v
*   Trying 2a04:4e42:a00::347:80...
* Connected to joinmastodon.org (2a04:4e42:a00::347) port 80 (#0)
> GET /ns HTTP/1.1
> Host: joinmastodon.org
> User-Agent: curl/7.85.0
> Accept: application/ld+json
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Connection: close
< Content-Length: 0
< Server: Varnish
< Retry-After: 0
< Location: https://joinmastodon.org/ns
< Accept-Ranges: bytes
< Date: Wed, 05 Jul 2023 11:16:03 GMT
< Via: 1.1 varnish
< X-Served-By: cache-bma1636-BMA
< X-Cache: HIT
< X-Cache-Hits: 0
< X-Timer: S1688555764.869779,VS0,VE1
< Strict-Transport-Security: max-age=300
< alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

$ curl -H "Accept: application/ld+json" https://joinmastodon.org/ns -v
*   Trying 2a04:4e42:a00::347:443...
* Connected to joinmastodon.org (2a04:4e42:a00::347) port 443 (#0)
> GET /ns HTTP/2
> Host: joinmastodon.org
> user-agent: curl/7.85.0
> accept: application/ld+json
>
< HTTP/2 404
< cache-control: private, no-cache, no-store, max-age=0, must-revalidate
< content-type: text/html; charset=utf-8
< etag: "j6meoew0yap42"
< x-nextjs-cache: HIT
< x-powered-by: Next.js
< accept-ranges: bytes
< via: 1.1 varnish, 1.1 varnish
< date: Wed, 05 Jul 2023 11:16:30 GMT
< x-served-by: cache-fra-eddf8230083-FRA, cache-bma1628-BMA
< x-cache: MISS, MISS
< x-cache-hits: 0, 0
< x-timer: S1688555791.620471,VS0,VE28
< vary: Accept-Encoding
< strict-transport-security: max-age=300
< alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

From looking at (your fork of) the go-fed/activity code, it appears this comes from a fundamental misunderstanding (the code believes that JSON-LD contexts work like XML namespaces, when they do not; they are sort of an overlay on top of them).

This was originally noticed as Takahe issue 223. They have a workaround, but this GTS behaviour is incorrect.

tsmethurst commented 1 year ago

relates to #240

erincandescent commented 1 year ago

BTW, as a workaround for the time being you could just rehost the contexts you're referencing somewhere else. Although I'm not sure if that would terminally confuse the go-fed/activity library.

tsmethurst commented 1 year ago

Mmm, I'm also not sure... I wouldn't really like to try it tbh, it's probably just something we should fix in our fork.

puckipedia commented 4 months ago

I just hit this as well. http://schema.org is a valid JSON-LD context, through a Link header. But actually applying the schema.org context causes name and Person (among other values) to be replaced by http://schema.org/name and http://schema.org/Person, which makes it unusable.

tsmethurst commented 4 months ago

Yup, makes sense! We've had this on the back burner for a while now as something to fix. It's been low priority because most other implementations don't really do anything with json-ld compaction or schemas or what have you, and fixing it requires faffing about in our go-fed/activity fork. Actually this would be a great candidate for 'bugs to fix in beta' this year.

zotanmew commented 4 months ago

I also just hit this, my implementation refused to fetch an actor due to the type being deserialized as http://schema.org/Person.
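
An added example, not part of the issue thread or of GoToSocial's code, illustrating the behaviour puckipedia and zotanmew describe: contexts in a `@context` array are applied in order and a later term definition replaces an earlier one, so a consumer that really applies a schema.org context after the ActivityStreams one expands `Person` and `name` to schema.org IRIs. The two context maps are constructed, abbreviated stand-ins for the remote documents, and the `merge` and `expand` helpers are hypothetical names for a simplified sketch of term resolution, not a full JSON-LD processor.

```go
package main

import (
	"fmt"
	"strings"
)

// Context is a simplified JSON-LD context: term -> IRI or compact IRI ("prefix:suffix").
type Context map[string]string

// Constructed, abbreviated stand-ins for the two remote context documents.
var (
	asContext     = Context{"as": "https://www.w3.org/ns/activitystreams#", "Person": "as:Person", "name": "as:name"}
	schemaContext = Context{"schema": "http://schema.org/", "Person": "schema:Person", "name": "schema:name"}
)

// merge applies contexts in array order; a later definition of a term
// replaces an earlier one, which is what makes the ordering significant.
func merge(contexts ...Context) Context {
	active := Context{}
	for _, c := range contexts {
		for term, def := range c {
			active[term] = def
		}
	}
	return active
}

// expand resolves a term to an absolute IRI against the active context.
// A term with no definition is returned unchanged.
func expand(active Context, term string) string {
	def, ok := active[term]
	if !ok {
		return term
	}
	prefix, suffix, found := strings.Cut(def, ":")
	if base, ok := active[prefix]; found && ok {
		return base + suffix
	}
	return def
}

func main() {
	for _, term := range []string{"Person", "name"} {
		fmt.Println(term, "->", expand(merge(asContext), term), "|", expand(merge(asContext, schemaContext), term))
	}
}
```

A consumer that matches on the expanded ActivityStreams IRI for an actor's type will not recognise the schema.org one, which matches the actor-fetch refusal reported above.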