svemagie/indiekit-endpoint-activitypub
1
0
Fork 0
mirror of https://github.com/svemagie/indiekit-endpoint-activitypub.git synced 2026-04-02 15:44:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: skip Fedify middleware for non-GET requests in contentNegotiationRoutes

Browse Source 
The contentNegotiationRoutes getter is mounted at root / and was passing
ALL requests through Fedify, including POST requests to admin routes.
fromExpressRequest() calls Readable.toWeb(req) which consumes the body
stream, causing "response body object should not be distributed or locked"
errors when admin controllers try to read req.body.

The v1.0.2 fix only protected routesPublic (mounted at /activitypub).
This fixes the actual culprit by skipping non-GET/HEAD methods in
contentNegotiationRoutes, since content negotiation and NodeInfo are
both GET-only concerns.
This commit is contained in:
Ricardo
2026-02-19 12:52:02 +01:00
parent e461291178
commit 06e521cfa7
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
index.js
View File

@@ -150,8 +150,12 @@ export default class ActivityPubEndpoint {
const self = this;
// Let Fedify handle NodeInfo data (/nodeinfo/2.1)
// Only pass GET/HEAD requests — POST/PUT/DELETE must not go through
// Fedify here, because fromExpressRequest() consumes the body stream,
// breaking Express body-parsed routes downstream (e.g. admin forms).
router.use((req, res, next) => {
if (!self._fedifyMiddleware) return next();
if (req.method !== "GET" && req.method !== "HEAD") return next();
return self._fedifyMiddleware(req, res, next);
});

2
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "@rmdes/indiekit-endpoint-activitypub",
"version": "1.0.2",
"version": "1.0.3",
"description": "ActivityPub federation endpoint for Indiekit via Fedify. Adds full fediverse support: actor, inbox, outbox, followers, following, syndication, and Mastodon migration.",
"keywords": [
"indiekit",