add a note about http sig requirements,

and check that host header matches
Ted Unangst 2019-04-26 10:02:46 -04:00
parent 9e726bde40
commit 6889970174
2 changed files with 9 additions and 0 deletions


@ -60,3 +60,8 @@ with other servers via https URLs.
If the proxy is configured to support caching, be mindful of the fact that If the proxy is configured to support caching, be mindful of the fact that
ActivityPub requests vary based on the Accept and Content-Type headers. ActivityPub requests vary based on the Accept and Content-Type headers.
ActivityPub in practice uses HTTP signatures to verify requests. In order for
this to work, the backend server must receive certain header fields
unmodified. In particular, the Host header and the message content cannot be
altered.

4
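--- a/zig.go
+++ b/zig.go
@@ -26,6 +26,7 @@ import (
 "encoding/pem"
 "fmt"
 "io"
+"log"
 "net/http"
 "regexp"
 "strings"
@@ -135,6 +136,9 @@ func zag(req *http.Request, content []byte) (string, error) {
 s = strings.ToLower(req.Method) + " " + req.URL.RequestURI()
 case "host":
 s = req.Host
+if s != serverName {
+log.Printf("caution: servername host header mismatch")
+}
 default:
 s = req.Header.Get(h)
 }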
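Review bot: The added check in the `case "host":` branch only logs when `req.Host` differs from `serverName`; `s` still goes into the signed string, so a request whose signature covers a different host is verified like any other. If the match is meant to be enforced, return from zag at that point, e.g. `return "", fmt.Errorf("host header %q does not match server name", s)`; if it is deliberately advisory, for instance to surface proxy misconfiguration first, a comment saying so would help. Either way the log line should carry both values, quoted because Host is client-supplied: `log.Printf("caution: servername host header mismatch: %q != %q", s, serverName)`. The comparison is exact, so a port suffix or a case difference in Host would presumably trip it, which is worth confirming against how serverName is configured. zag's body starts and ends outside the hunk.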