Merge 2968211f44 into c442589593

ActivityPub spec section 3.2 reads
> The client MUST specify an Accept header with the
> `application/ld+json; profile="https://www.w3.org/ns/activitystreams"`
> media type in order to retrieve the activity.

Currently Mastodon omits the profile in its dereferences (but not the
fetch service) and only lists application/ld+json as one of several
possible types. This breaks spec and allows spec-compliant
implementations to refuse any such fetch requests.

Resolve this by adding the required profile and while at it,
make the only spec-compliant type the first listed choice in all
relevant places and drop profile-less JSON-LD.

Section 7 also specifies the same media type MUST be used
in the Content-Type header of for POST requests, but here
we can't specify alternatives, so for now keep the current type.

Fixes a part of https://github.com/mastodon/mastodon/issues/22720

app/lib/activitypub/dereferencer.rb

@@ -44,7 +44,7 @@ class ActivityPub::Dereferencer
 
     req = Request.new(:get, uri)
 
-    req.add_headers('Accept' => 'application/activity+json, application/ld+json')
+    req.add_headers('Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json')
     req.add_headers(headers) if headers
     req.on_behalf_of(@signature_actor) if @signature_actor
 

app/services/fetch_resource_service.rb

@@ -3,7 +3,7 @@
 class FetchResourceService < BaseService
   include JsonLdHelper
 
-  ACCEPT_HEADER = 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams", text/html;q=0.1'
+  ACCEPT_HEADER = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json, text/html;q=0.1'
   ACTIVITY_STREAM_LINK_TYPES = ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].freeze
 
   attr_reader :response_code