69e807214d
Previously, when verifying an HTTP signature and we find out we have the provided keyid in the DB, and this key is a personal key, we would just grab the key owner from the DB and ignore the ActivityPub-Actor header. This patch adds a check: If we find the key in the DB and it's a personal key, do grab the owner from that DB row, but also check the actor header: If it's provided, it has to be identical to the key owner ID URI. |
||
---|---|---|
.. | ||
Control | ||
Darcs/Local | ||
Data | ||
Database | ||
Diagrams | ||
Formatting | ||
Language/Haskell/TH/Quote | ||
Network | ||
Text | ||
Vervis | ||
Web | ||
Yesod | ||
GitPackProto.hs |