From 89c8d9718b58799cd0e32388da830e264ec572b0 Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Wed, 26 Dec 2018 22:33:46 -0100
Subject: [PATCH] validate host

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
---
 lib/Service/SignatureService.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/Service/SignatureService.php b/lib/Service/SignatureService.php
index 24f6bd58..e9f53773 100644
--- a/lib/Service/SignatureService.php
+++ b/lib/Service/SignatureService.php
@@ -285,6 +285,7 @@ class SignatureService {
 	 * @param IRequest $request
 	 *
 	 * @return string
+	 * @throws SocialAppConfigException
 	 */
 	private function generateEstimatedSignature(string $headers, IRequest $request): string {
 		$keys = explode(' ', $headers);
@@ -305,8 +306,11 @@ class SignatureService {
 			$value = $request->getHeader($key);
 			if ($key === 'host') {
 				$value = $request->getInsecureServerHost();
+				if ($this->configService->getCloudAddress(true) !== $value) {
+					continue;
+				}
 			}
-			
+
 			$estimated .= "\n" . $key . ': ' . $value;
 		}