When verifying HTTP sig, require ActivityPub-Actor to be signed only if present
This commit is contained in:
parent
475e398d6d
commit
a9eaf35d5e
1 changed files with 2 additions and 1 deletions
|
@ -599,7 +599,8 @@ instance YesodRemoteActorStore App where
|
||||||
|
|
||||||
instance YesodHttpSig App where
|
instance YesodHttpSig App where
|
||||||
data HttpSigVerResult App = HttpSigVerResult (Either String FedURI)
|
data HttpSigVerResult App = HttpSigVerResult (Either String FedURI)
|
||||||
httpSigVerHeaders = const [hRequestTarget, hHost, hActivityPubActor]
|
httpSigVerRequiredHeaders = const [hRequestTarget, hHost]
|
||||||
|
httpSigVerWantedHeaders = const [hActivityPubActor]
|
||||||
httpSigVerSeconds =
|
httpSigVerSeconds =
|
||||||
fromIntegral . toSeconds . appHttpSigTimeLimit . appSettings
|
fromIntegral . toSeconds . appHttpSigTimeLimit . appSettings
|
||||||
where
|
where
|
||||||
|
|
Loading…
Reference in a new issue