Force signed headers in http signatures

Thanks Roger
author: Chocobozzz <me@florianbigard.com> 2020-11-12 10:42:25 +0100
committer: Chocobozzz <me@florianbigard.com> 2020-11-12 16:29:32 +0100
commit: 797d05bdd99b63104522051d0f61f1e0f003e780 (patch)
tree: a0e356958e03aa62c4539afacbf7715eba305954 /server/initializers
parent: 2a9562fc5894509e63016b1fe09f6dce0c4b6e5e (diff)
download: PeerTube-797d05bdd99b63104522051d0f61f1e0f003e780.tar.gz
PeerTube-797d05bdd99b63104522051d0f61f1e0f003e780.tar.zst
PeerTube-797d05bdd99b63104522051d0f61f1e0f003e780.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 501e06396..679503731 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -513,6 +513,10 @@ const HTTP_SIGNATURE = {
  HEADER_NAME: 'signature',
  ALGORITHM: 'rsa-sha256',
  HEADERS_TO_SIGN: [ '(request-target)', 'host', 'date', 'digest' ],
+  REQUIRED_HEADERS: {
+    ALL: [ '(request-target)', 'host', 'date' ],
+    POST: [ '(request-target)', 'host', 'date', 'digest' ]
+  },
  CLOCK_SKEW_SECONDS: 1800
 }
author	Chocobozzz <me@florianbigard.com>	2020-11-12 10:42:25 +0100
committer	Chocobozzz <me@florianbigard.com>	2020-11-12 16:29:32 +0100
commit	797d05bdd99b63104522051d0f61f1e0f003e780 (patch)
tree	a0e356958e03aa62c4539afacbf7715eba305954 /server/initializers
parent	2a9562fc5894509e63016b1fe09f6dce0c4b6e5e (diff)
download	PeerTube-797d05bdd99b63104522051d0f61f1e0f003e780.tar.gz PeerTube-797d05bdd99b63104522051d0f61f1e0f003e780.tar.zst PeerTube-797d05bdd99b63104522051d0f61f1e0f003e780.zip