Add ActivityPub secure mode (#11269)

* Add HTTP signature requirement for served ActivityPub resources * Change `SECURE_MODE` to `AUTHORIZED_FETCH` * Add 'Signature' to 'Vary' header and improve code style * Improve code style by adding `public_fetch_mode?` method
author: Eugen Rochko <eugen@zeonfederated.com> 2019-07-11 20:11:09 +0200
committer: GitHub <noreply@github.com> 2019-07-11 20:11:09 +0200
commit: 5bf67ca91350e40e6f329271d3ca2bdcba87ab64 (patch)
tree: e6a124c0c3913900a6d55c163b0ef308bfae64c7 /app/controllers/application_controller.rb
parent: 4e1260feaa09bfa7305887e34cb129b37bee6c52 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index cc8b8e4da..16e7d70a3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -36,6 +36,14 @@ class ApplicationController < ActionController::Base
     Rails.env.production?
   end
 
+  def authorized_fetch_mode?
+    ENV['AUTHORIZED_FETCH'] == 'true'
+  end
+
+  def public_fetch_mode?
+    !authorized_fetch_mode?
+  end
+
   def store_current_location
     store_location_for(:user, request.url) unless request.format == :json
   end
@@ -152,6 +160,6 @@ class ApplicationController < ActionController::Base
   end
 
   def set_cache_headers
-    response.headers['Vary'] = 'Accept'
+    response.headers['Vary'] = 'Accept, Signature'
   end
 end
author	Eugen Rochko <eugen@zeonfederated.com>	2019-07-11 20:11:09 +0200
committer	GitHub <noreply@github.com>	2019-07-11 20:11:09 +0200
commit	5bf67ca91350e40e6f329271d3ca2bdcba87ab64 (patch)
tree	e6a124c0c3913900a6d55c163b0ef308bfae64c7 /app/controllers/application_controller.rb
parent	4e1260feaa09bfa7305887e34cb129b37bee6c52 (diff)