From a9eaf35d5e715c9c7b7abd1091b398bca8952aad Mon Sep 17 00:00:00 2001 From: fr33domlover Date: Sat, 16 Mar 2019 15:48:25 +0000 Subject: [PATCH] When verifying HTTP sig, require ActivityPub-Actor to be signed only if present --- src/Vervis/Foundation.hs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Vervis/Foundation.hs b/src/Vervis/Foundation.hs index 662b41c..6669b3e 100644 --- a/src/Vervis/Foundation.hs +++ b/src/Vervis/Foundation.hs @@ -599,7 +599,8 @@ instance YesodRemoteActorStore App where instance YesodHttpSig App where data HttpSigVerResult App = HttpSigVerResult (Either String FedURI) - httpSigVerHeaders = const [hRequestTarget, hHost, hActivityPubActor] + httpSigVerRequiredHeaders = const [hRequestTarget, hHost] + httpSigVerWantedHeaders = const [hActivityPubActor] httpSigVerSeconds = fromIntegral . toSeconds . appHttpSigTimeLimit . appSettings where