Hackers' Pub is seeing repeated production inbox failures from Fedify 2.3.0 when an incoming activity contains a language map entry with a malformed @language value. The Sentry issue is GRAPHQL-1X and the event count was 16 when triaged.
Observed behavior
Fedify starts handling POST /ap/inbox, verifies the LD signature, and parses nested ActivityPub objects. During Note.fromJsonLd(), the generated vocabulary parser reaches a language-tagged string and constructs new LanguageString(value, language) from @fedify/vocab-runtime/src/langstr.ts. If the remote JSON-LD has an invalid language tag, new Intl.Locale(language) throws RangeError: Incorrect locale information provided.
The exception escapes the inbox request before Hackers' Pub's inbox listener code runs. The request is reported as a 500-level application error even though the malformed @language value is remote input.
Expected behavior
Malformed language tags in remote JSON-LD should make the object fail parsing as invalid remote input, or be ignored for that single language-tagged value, without crashing the whole inbox request as an application error. If the object must be rejected, the failure should be reported through the same remote-driven parse or verification path used for other malformed ActivityPub input.
Notes
This is hard to handle cleanly in application code because the exception is thrown inside the generated parser before the app listener sees the activity. Hackers' Pub can filter the resulting monitoring noise, but it cannot distinguish the malformed remote field from a real application exception at the listener boundary.
Relevant paths:
- @fedify/vocab-runtime/src/langstr.ts
- @fedify/vocab-tools/src/type.ts
- generated @fedify/vocab/src/vocab.ts
Hackers' Pub is seeing repeated production inbox failures from Fedify 2.3.0 when an incoming activity contains a language map entry with a malformed
@languagevalue. The Sentry issue isGRAPHQL-1Xand the event count was 16 when triaged.Observed behavior
Fedify starts handling
POST /ap/inbox, verifies the LD signature, and parses nested ActivityPub objects. DuringNote.fromJsonLd(), the generated vocabulary parser reaches a language-tagged string and constructsnew LanguageString(value, language)from @fedify/vocab-runtime/src/langstr.ts. If the remote JSON-LD has an invalid language tag,new Intl.Locale(language)throwsRangeError: Incorrect locale information provided.The exception escapes the inbox request before Hackers' Pub's inbox listener code runs. The request is reported as a 500-level application error even though the malformed
@languagevalue is remote input.Expected behavior
Malformed language tags in remote JSON-LD should make the object fail parsing as invalid remote input, or be ignored for that single language-tagged value, without crashing the whole inbox request as an application error. If the object must be rejected, the failure should be reported through the same remote-driven parse or verification path used for other malformed ActivityPub input.
Notes
This is hard to handle cleanly in application code because the exception is thrown inside the generated parser before the app listener sees the activity. Hackers' Pub can filter the resulting monitoring noise, but it cannot distinguish the malformed remote field from a real application exception at the listener boundary.
Relevant paths: