# Note: will create a Create activity, which we need internally at the moment.
def fetch_object_from_id(id, options \\ []) do
- with {_, nil} <- {:fetch_object, Object.get_cached_by_ap_id(id)},
+ with %URI{} = uri <- URI.parse(id),
+ # If we have instance restrictions, apply them here to prevent fetching from unwanted instances
+ {:ok, nil} <- Pleroma.Web.ActivityPub.MRF.SimplePolicy.check_reject(uri),
+ {:ok, _} <- Pleroma.Web.ActivityPub.MRF.SimplePolicy.check_accept(uri),
+ {_, nil} <- {:fetch_object, Object.get_cached_by_ap_id(id)},
{_, true} <- {:allowed_depth, Federator.allowed_thread_distance?(options[:depth])},
{_, {:ok, data}} <- {:fetch, fetch_and_contain_remote_object_from_id(id)},
{_, nil} <- {:normalize, Object.normalize(data, fetch: false)},
{:fetch, {:error, error}} ->
{:error, error}
+ {:reject, reason} ->
+ {:reject, reason}
+
e ->
e
end
def fetch_and_contain_remote_object_from_id(_id),
do: {:error, "id must be a string"}
- defp get_object(id) do
+ def get_object(id) do
date = Pleroma.Signature.signed_date()
headers =
%{"profile" => "https://www.w3.org/ns/activitystreams"}} ->
{:ok, body}
+ # pixelfed sometimes (and only sometimes) responds with http instead of https
+ {:ok, "application", "ld+json",
+ %{"profile" => "http://www.w3.org/ns/activitystreams"}} ->
+ {:ok, body}
+
_ ->
{:error, {:content_type, content_type}}
end