diff --git a/src/Vervis/Foundation.hs b/src/Vervis/Foundation.hs
index 1d563ab..c432cbd 100644
--- a/src/Vervis/Foundation.hs
+++ b/src/Vervis/Foundation.hs
@@ -699,7 +699,13 @@ instance YesodHttpSig App where
 Just (Entity vkid vk, mremote) -> do
 (ua, s) <- case mremote of
- Just remote -> return (remoteSharerIdent remote, False)
+ Just remote -> do
+ let sharer = remoteSharerIdent remote
+ for_ muActorHeader $ \ u ->
+ if sharer == u
+ then return ()
+ else throwE "Key's owner doesn't match actor header"
+ return (sharer, False)
 Nothing -> case muActorHeader of
 Nothing -> throwE "Got a sig with an instance key, but actor header not specified!"
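Review bot: The added check in the `Just remote` branch reads more directly as `for_ muActorHeader $ \ u -> when (sharer /= u) $ throwE "Key's owner doesn't match actor header"` than as an `if` whose `then` arm is `return ()` (assuming `when` is in scope in this module). A comment above the `for_` should record the intended rule, for example `-- A key with a remote owner may only sign for that owner; an absent actor header is accepted and the owner is used`, because `for_` skips the comparison when `muActorHeader` is `Nothing` and a reader cannot tell whether that is deliberate. The comparison is plain `==`, so if the two values can differ in representation for the same actor the request is rejected, which fails closed. The surrounding `case` continues beyond the lines shown here.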