61254111e5
The (request-target) used by Pleroma is non-standard, but many HTTP signature implementations do it this way due to a misinterpretation of the draft 06 of HTTP signatures: "path" was interpreted as not having the query, though later examples show that it must be the absolute path with the query part of the URL as well. This behavior is kept to make sure most software (Pleroma itself, Mastodon, and probably others) does not break, but Pleroma now accepts signatures for a (request-target) containing the query, as expected by many HTTP signature libraries, and clarified in the draft 11 of HTTP signatures. Additionally, the new draft renamed (request-target) to @request-target. We now support both for incoming requests' signatures.

- rate_limiter
- admin_secret_authentication_plug.ex
- authentication_plug.ex
- basic_auth_decoder_plug.ex
- cache.ex
- digest_plug.ex
- ensure_authenticated_plug.ex
- ensure_public_or_authenticated_plug.ex
- ensure_staff_privileged_plug.ex
- ensure_user_token_assigns_plug.ex
- expect_authenticated_check_plug.ex
- expect_public_or_authenticated_check_plug.ex
- federating_plug.ex
- frontend_static.ex
- http_security_plug.ex
- http_signature_plug.ex
- idempotency_plug.ex
- instance_static.ex
- mapped_signature_to_identity_plug.ex
- o_auth_plug.ex
- o_auth_scopes_plug.ex
- plug_helper.ex
- rate_limiter.ex
- remote_ip.ex
- set_format_plug.ex
- set_locale_plug.ex
- set_user_session_id_plug.ex
- static_fe_plug.ex
- trailing_format_plug.ex
- uploaded_media.ex
- user_enabled_plug.ex
- user_fetcher_plug.ex
- user_is_admin_plug.ex
- user_is_staff_plug.ex
- user_tracking_plug.ex