From 797d05bdd99b63104522051d0f61f1e0f003e780 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 12 Nov 2020 10:42:25 +0100
Subject: Force signed headers in http signatures Thanks Roger
---
 server/initializers/constants.ts | 4 ++++
 1 file changed, 4 insertions(+) (limited to 'server/initializers/constants.ts')
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 501e06396..679503731 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -513,6 +513,10 @@ const HTTP_SIGNATURE = {
 HEADER_NAME: 'signature',
 ALGORITHM: 'rsa-sha256',
 HEADERS_TO_SIGN: [ '(request-target)', 'host', 'date', 'digest' ],
+ REQUIRED_HEADERS: {
+ ALL: [ '(request-target)', 'host', 'date' ],
+ POST: [ '(request-target)', 'host', 'date', 'digest' ]
+ },
 CLOCK_SKEW_SECONDS: 1800
 }
-- 
cgit v1.2.3
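Review bot: The new `REQUIRED_HEADERS` block in `HTTP_SIGNATURE` carries no comment saying what it enforces or why `POST` differs from `ALL`, and its `POST` list repeats the `HEADERS_TO_SIGN` literal on the line above, so the two can drift apart. I would add a comment such as `// Headers an incoming signature must cover; POST also requires digest so the body is bound to the signature` and consider building `POST` from `HEADERS_TO_SIGN` rather than restating it. The code that reads this constant is outside this diff (the view is limited to constants.ts), so presumably every method other than `POST` falls back to `ALL`; if any such route accepts a signed body it would not be required to sign `digest`, which is worth confirming. Requiring `digest` in the signed set only helps if the digest value is also compared against the received body, and that check is not visible here.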