about summary refs log tree commit diff
path: root/app/models/status_stat.rb
diff options
context:
space:
mode:
authorThibG <thib@sitedethib.com>2020-11-01 23:38:31 +0100
committerGitHub <noreply@github.com>2020-11-01 23:38:31 +0100
commitfa929d8b81002c95f729517d3ce3985f090c5980 (patch)
tree5de28d5bee342617d44482597c022062d9f17699 /app/models/status_stat.rb
parent9d023ed4f6d8a69699d14479d5e12132ea4f4cd2 (diff)
Tweak signature verification (#15069)
* Add more specific error message when request body digest is invalid

This may help other implementors debug their implementation.

* Relax Host parameter requirement to GET requests

The only POST requests processed by Mastodon need objects/actors (including
their host) to be explicitly mentioned in the request's body, so replaying
a legitimate request to another host should not be a security issue.

* Support Digest headers using multiple algorithms or lowercase alogirthm names
Diffstat (limited to 'app/models/status_stat.rb')
0 files changed, 0 insertions, 0 deletions