aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/helpers
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2020-11-12 10:42:25 +0100
committerChocobozzz <me@florianbigard.com>2020-11-12 16:29:32 +0100
commit797d05bdd99b63104522051d0f61f1e0f003e780 (patch)
treea0e356958e03aa62c4539afacbf7715eba305954 /server/helpers
parent2a9562fc5894509e63016b1fe09f6dce0c4b6e5e (diff)
downloadPeerTube-797d05bdd99b63104522051d0f61f1e0f003e780.tar.gz
PeerTube-797d05bdd99b63104522051d0f61f1e0f003e780.tar.zst
PeerTube-797d05bdd99b63104522051d0f61f1e0f003e780.zip
Force signed headers in http signatures
Thanks Roger
Diffstat (limited to 'server/helpers')
-rw-r--r--server/helpers/peertube-crypto.ts6
1 files changed, 5 insertions, 1 deletions
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index 1655cd7b5..994f725d8 100644
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -50,7 +50,11 @@ function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): bool
50} 50}
51 51
52function parseHTTPSignature (req: Request, clockSkew?: number) { 52function parseHTTPSignature (req: Request, clockSkew?: number) {
53 return httpSignature.parse(req, { clockSkew }) 53 const headers = req.method === 'POST'
54 ? HTTP_SIGNATURE.REQUIRED_HEADERS.POST
55 : HTTP_SIGNATURE.REQUIRED_HEADERS.ALL
56
57 return httpSignature.parse(req, { clockSkew, headers })
54} 58}
55 59
56// JSONLD 60// JSONLD