+ const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
+ const headers = buildGlobalHeaders(body)
+
+ const signatureOptions = baseHttpSignature()
+ const badHeadersMatrix = [
+ [ '(request-target)', 'date', 'digest' ],
+ [ 'host', 'date', 'digest' ],
+ [ '(request-target)', 'host', 'digest' ]
+ ]
+
+ for (const badHeaders of badHeadersMatrix) {
+ signatureOptions.headers = badHeaders
+
+ try {
+ await makePOSTAPRequest(url, body, signatureOptions, headers)
+ expect(true, 'Did not throw').to.be.false
+ } catch (err) {
+ expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+ }
+ }