diff options
author | ThibG <thib@sitedethib.com> | 2020-11-01 23:38:31 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-01 23:38:31 +0100 |
commit | fa929d8b81002c95f729517d3ce3985f090c5980 (patch) | |
tree | 5de28d5bee342617d44482597c022062d9f17699 /app/models/media_attachment.rb | |
parent | 9d023ed4f6d8a69699d14479d5e12132ea4f4cd2 (diff) |
Tweak signature verification (#15069)
* Add more specific error message when request body digest is invalid This may help other implementors debug their implementation. * Relax Host parameter requirement to GET requests The only POST requests processed by Mastodon need objects/actors (including their host) to be explicitly mentioned in the request's body, so replaying a legitimate request to another host should not be a security issue. * Support Digest headers using multiple algorithms or lowercase alogirthm names
Diffstat (limited to 'app/models/media_attachment.rb')
0 files changed, 0 insertions, 0 deletions