Increase clock skew for HTTP signatures

2 files changed, 3 insertions, 2 deletions

diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 190fd427a..fd4c0fdaa 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -467,7 +467,8 @@ const ACTIVITY_PUB_ACTOR_TYPES: { [ id: string ]: ActivityPubActorType } = {
 const HTTP_SIGNATURE = {
   HEADER_NAME: 'signature',
   ALGORITHM: 'rsa-sha256',
-  HEADERS_TO_SIGN: [ '(request-target)', 'host', 'date', 'digest' ]
+  HEADERS_TO_SIGN: [ '(request-target)', 'host', 'date', 'digest' ],
+  CLOCK_SKEW_SECONDS: 1800
 }
 
 // ---------------------------------------------------------------------------
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index bea213d27..fedac0e05 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -55,7 +55,7 @@ async function checkHttpSignature (req: Request, res: Response) {
   const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
   if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig
 
-  const parsed = parseHTTPSignature(req)
+  const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
 
   const keyId = parsed.keyId
   if (!keyId) {