mirror of
https://github.com/kikobar/mastodon.git
synced 2024-11-17 04:32:22 +00:00
Do not sign useless User-Agent or Accept-Encoding headers (#8533)
Fix #8080
This commit is contained in:
parent
18eb565755
commit
e3764bdb52
|
@ -73,15 +73,15 @@ class Request
|
||||||
algorithm = 'rsa-sha256'
|
algorithm = 'rsa-sha256'
|
||||||
signature = Base64.strict_encode64(@keypair.sign(OpenSSL::Digest::SHA256.new, signed_string))
|
signature = Base64.strict_encode64(@keypair.sign(OpenSSL::Digest::SHA256.new, signed_string))
|
||||||
|
|
||||||
"keyId=\"#{key_id}\",algorithm=\"#{algorithm}\",headers=\"#{signed_headers}\",signature=\"#{signature}\""
|
"keyId=\"#{key_id}\",algorithm=\"#{algorithm}\",headers=\"#{signed_headers.keys.join(' ').downcase}\",signature=\"#{signature}\""
|
||||||
end
|
end
|
||||||
|
|
||||||
def signed_string
|
def signed_string
|
||||||
@headers.map { |key, value| "#{key.downcase}: #{value}" }.join("\n")
|
signed_headers.map { |key, value| "#{key.downcase}: #{value}" }.join("\n")
|
||||||
end
|
end
|
||||||
|
|
||||||
def signed_headers
|
def signed_headers
|
||||||
@headers.keys.join(' ').downcase
|
@headers.without('User-Agent', 'Accept-Encoding')
|
||||||
end
|
end
|
||||||
|
|
||||||
def key_id
|
def key_id
|
||||||
|
|
Loading…
Reference in a new issue