Fix crash on receiving requests with missing Digest header (#15782)

* Fix crash on receiving requests with missing Digest header

Return an error pointing out that Digest is missing, instead of crashing.

Fixes #15743

* Fix from review feedback
pull/17389/head
Claire 2021-02-26 17:40:27 +01:00
parent cc21670b3c
commit da14725a96
1 changed files with 1 additions and 0 deletions

View File

@ -133,6 +133,7 @@ module SignatureVerification
def verify_body_digest!
return unless signed_headers.include?('digest')
raise SignatureVerificationError, 'Digest header missing' unless request.headers.key?('Digest')
digests = request.headers['Digest'].split(',').map { |digest| digest.split('=', 2) }.map { |key, value| [key.downcase, value] }
sha256 = digests.assoc('sha-256')