21ad21cb50
* Downcase signed_headers string before building the signed string
The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.
Thankfully, I don't know of any such client.
* Revert "Remove dead code (#8919)"
This reverts commit
|
||
---|---|---|
.. | ||
account_controller_concern.rb | ||
accountable_concern.rb | ||
authorization.rb | ||
export_controller_concern.rb | ||
localized.rb | ||
obfuscate_filename.rb | ||
rate_limit_headers.rb | ||
remote_account_controller_concern.rb | ||
session_tracking_concern.rb | ||
signature_authentication.rb | ||
signature_verification.rb | ||
user_tracking_concern.rb |