]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blobdiff - server/helpers/peertube-crypto.ts
projects / github / Chocobozzz / PeerTube.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Force signed headers in http signatures
[github/Chocobozzz/PeerTube.git] / server / helpers / peertube-crypto.ts
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index 1655cd7b57bd9e4033a0aaf3b9130425c3ea385a..994f725d88074dc891c50c801182d59a60a59ea3 100644 (file)
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -50,7 +50,11 @@ function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): bool
 }
 
 function parseHTTPSignature (req: Request, clockSkew?: number) {
-  return httpSignature.parse(req, { clockSkew })
+  const headers = req.method === 'POST'
+    ? HTTP_SIGNATURE.REQUIRED_HEADERS.POST
+    : HTTP_SIGNATURE.REQUIRED_HEADERS.ALL
+
+  return httpSignature.parse(req, { clockSkew, headers })
 }
 
 // JSONLD
ActivityPub-federated video streaming platform using P2P directly in your web browser