kopia lustrzana https://github.com/snarfed/bridgy-fed
AP sig verification bug fix: support lower case sha-256= Digest prefix
found with https://verify.funfedi.dev/?actor_uri=https%3A%2F%2Ffed.brid.gy%2Fsnarfed.org . thanks @HelgeKrueger!pull/726/head
rodzic
2a7c0adf0f
commit
6498c24d98
|
@ -394,7 +394,7 @@ class ActivityPub(User, Protocol):
|
|||
error('Missing Digest header, required for HTTP Signature', status=401)
|
||||
|
||||
expected = b64encode(sha256(request.data).digest()).decode()
|
||||
if digest.removeprefix('SHA-256=') != expected:
|
||||
if digest.removeprefix('SHA-256=').removeprefix('sha-256=') != expected:
|
||||
error('Invalid Digest header, required for HTTP Signature', status=401)
|
||||
|
||||
try:
|
||||
|
|
Ładowanie…
Reference in New Issue