about summary refs log tree commit diff
path: root/app/controllers
diff options
context:
space:
mode:
authorClaire <claire.github-309c@sitedethib.com>2021-02-26 17:40:27 +0100
committerGitHub <noreply@github.com>2021-02-26 17:40:27 +0100
commit75189af5287210581b38ff4257b58d9972f459b8 (patch)
tree75dca82cfef46c0dabc6d7099c66204b85328ff6 /app/controllers
parent7d9ba8c243033bc2aa13e23e8d89088f7460df5c (diff)
Fix crash on receiving requests with missing Digest header (#15782)
* Fix crash on receiving requests with missing Digest header

Return an error pointing out that Digest is missing, instead of crashing.

Fixes #15743

* Fix from review feedback
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/concerns/signature_verification.rb1
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
index fc3978fbb..4dd0cac55 100644
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -133,6 +133,7 @@ module SignatureVerification
 
   def verify_body_digest!
     return unless signed_headers.include?('digest')
+    raise SignatureVerificationError, 'Digest header missing' unless request.headers.key?('Digest')
 
     digests = request.headers['Digest'].split(',').map { |digest| digest.split('=', 2) }.map { |key, value| [key.downcase, value] }
     sha256  = digests.assoc('sha-256')