mirror of https://github.com/tootsuite/mastodon
Fix crash on receiving requests with missing Digest header (#15782)
* Fix crash on receiving requests with missing Digest header Return an error pointing out that Digest is missing, instead of crashing. Fixes #15743 * Fix from review feedbackpull/17389/head
parent
cc21670b3c
commit
da14725a96
|
@ -133,6 +133,7 @@ module SignatureVerification
|
|||
|
||||
def verify_body_digest!
|
||||
return unless signed_headers.include?('digest')
|
||||
raise SignatureVerificationError, 'Digest header missing' unless request.headers.key?('Digest')
|
||||
|
||||
digests = request.headers['Digest'].split(',').map { |digest| digest.split('=', 2) }.map { |key, value| [key.downcase, value] }
|
||||
sha256 = digests.assoc('sha-256')
|
||||
|
|
Loading…
Reference in New Issue