When verifying HTTP sig, require ActivityPub-Actor to be signed only if present
This commit is contained in:
parent
475e398d6d
commit
a9eaf35d5e
1 changed files with 2 additions and 1 deletions
|
@ -599,7 +599,8 @@ instance YesodRemoteActorStore App where
|
|||
|
||||
instance YesodHttpSig App where
|
||||
data HttpSigVerResult App = HttpSigVerResult (Either String FedURI)
|
||||
httpSigVerHeaders = const [hRequestTarget, hHost, hActivityPubActor]
|
||||
httpSigVerRequiredHeaders = const [hRequestTarget, hHost]
|
||||
httpSigVerWantedHeaders = const [hActivityPubActor]
|
||||
httpSigVerSeconds =
|
||||
fromIntegral . toSeconds . appHttpSigTimeLimit . appSettings
|
||||
where
|
||||
|
|
Loading…
Reference in a new issue