diff options
author | Claire <claire.github-309c@sitedethib.com> | 2021-02-26 17:40:27 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-26 17:40:27 +0100 |
commit | 75189af5287210581b38ff4257b58d9972f459b8 (patch) | |
tree | 75dca82cfef46c0dabc6d7099c66204b85328ff6 /app/controllers | |
parent | 7d9ba8c243033bc2aa13e23e8d89088f7460df5c (diff) |
Fix crash on receiving requests with missing Digest header (#15782)
* Fix crash on receiving requests with missing Digest header Return an error pointing out that Digest is missing, instead of crashing. Fixes #15743 * Fix from review feedback
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/concerns/signature_verification.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb index fc3978fbb..4dd0cac55 100644 --- a/app/controllers/concerns/signature_verification.rb +++ b/app/controllers/concerns/signature_verification.rb @@ -133,6 +133,7 @@ module SignatureVerification def verify_body_digest! return unless signed_headers.include?('digest') + raise SignatureVerificationError, 'Digest header missing' unless request.headers.key?('Digest') digests = request.headers['Digest'].split(',').map { |digest| digest.split('=', 2) }.map { |key, value| [key.downcase, value] } sha256 = digests.assoc('sha-256') |