webfinger / webfinger.net

webfinger.net website
https://webfinger.net/

feature: degrade gently when content-type is missing or invalid #30

Closed roycewilliams closed 1 year ago

roycewilliams commented 1 year ago

Please consider throwing a non-fatal warning when content-type is invalid or missing, and continue to evaluate the raw text as potential JSON.

Reasoning: an emerging common design pattern - for small / personal / vanity domains - appears to be to create a single static webfinger file. This produces "wildcard" behavior (that gives the same response regardless of the supplied parameters), but is much easier for the uninitiated to implement. Many Mastodon implementations appear to ignore the content-type, and accept the results as valid.

When a static file is used, the validation flow currently stops here, with an empty content-type:

Error getting JRD: invalid content-type:

If wild results from obviously bad input are a concern, this could be covered by a brief/naive front-of-file "magic" test - to see if the file begins with zero or whitespace followed by an open brace, etc. - and/or a size cap, etc.
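
The handling requested above (warn on a missing or invalid content-type, then apply a front-of-file brace test and a size cap before parsing the raw text as JSON), as an added Go example that is not part of this thread and is not go-webfinger's code. `ParseLenient`, `JRD`, the 64 KiB cap, and accepting `application/json` alongside `application/jrd+json` are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"mime"
	"strings"
)

const maxJRDBytes = 64 << 10 // assumed size cap; not a value from the issue

type JRD struct {
	Subject string
	Links   []struct{ Rel, Href string } // encoding/json matches keys case-insensitively
}

// ParseLenient (hypothetical helper) turns a bad Content-Type into a warning but still bounds the body.
func ParseLenient(contentType string, body io.Reader) (*JRD, []string, error) {
	var warnings []string
	mt, _, err := mime.ParseMediaType(contentType)
	if err != nil || (mt != "application/jrd+json" && mt != "application/json") {
		warnings = append(warnings, fmt.Sprintf("unexpected content-type %q, parsing body as JSON anyway", contentType))
	}
	// Size cap: read one byte past the limit so an oversize body is detected, not truncated.
	raw, err := io.ReadAll(io.LimitReader(body, maxJRDBytes+1))
	if err != nil {
		return nil, warnings, err
	}
	if len(raw) > maxJRDBytes {
		return nil, warnings, fmt.Errorf("body exceeds %d byte cap", maxJRDBytes)
	}
	// Front-of-file test: optional whitespace, then an opening brace.
	if t := bytes.TrimLeft(raw, " \t\r\n"); len(t) == 0 || t[0] != '{' {
		return nil, warnings, fmt.Errorf("body does not start with a JSON object")
	}
	var jrd JRD
	if err := json.Unmarshal(raw, &jrd); err != nil {
		return nil, warnings, fmt.Errorf("invalid JSON: %w", err)
	}
	return &jrd, warnings, nil
}

func main() {
	// Constructed sample: a static file served with an empty Content-Type.
	jrd, warns, err := ParseLenient("", strings.NewReader(` {"subject":"acct:alice@example.com"}`))
	fmt.Println(jrd, warns, err)
}
```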

willnorris commented 1 year ago

It doesn't expose a warning on an invalid content type (that's actually kinda complicated because that code is down in the go-webfinger client), but I think it shouldn't error anymore on an unexpected content type. Try it again and let me know if that works for you now.

roycewilliams commented 1 year ago

Hey, excellent - done! Thanks very much - and thanks for providing a validation mechanism like this!