MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ensure signature code doesn't crash on (request-target) signature

This commit is contained in:
Eliot Berriot 2019-11-27 13:54:21 +01:00
parent 89bbb902a4
commit 3224f07253
No known key found for this signature in database
GPG Key ID: 6B501DFD73514E14
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
api/funkwhale_api/federation/signing.py
View File

@ -67,6 +67,9 @@ def verify_django(django_request, public_key):
expected = signature_headers.split(" ")
logger.debug("Signature expected headers: %s", expected)
for header in expected:
if header == "(request-target)":
# this one represent the request body, so not an actual HTTP header
continue
try:
headers[header]
except KeyError: