akkoma/lib/pleroma/web/plugs
Hélène 61254111e5
HttpSignaturePlug: accept standard (request-target)
The (request-target) used by Pleroma is non-standard, but many HTTP
signature implementations do it this way due to a misinterpretation of
the draft 06 of HTTP signatures: "path" was interpreted as not having
the query, though later examples show that it must be the absolute path
with the query part of the URL as well.

This behavior is kept to make sure most software (Pleroma itself,
Mastodon, and probably others) do not break, but Pleroma now accepts
signatures for a (request-target) containing the query, as expected by
many HTTP signature libraries, and clarified in the draft 11 of HTTP
signatures.

Additionally, the new draft renamed (request-target) to @request-target.
We now support both for incoming requests' signatures.
2022-08-18 17:01:34 +02:00
..
rate_limiter Copyright bump for 2022 2022-02-25 23:11:42 -07:00
admin_secret_authentication_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
authentication_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
basic_auth_decoder_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
cache.ex Skip cache when /objects or /activities is authenticated 2022-05-06 10:23:26 +02:00
digest_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
ensure_authenticated_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
ensure_public_or_authenticated_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
ensure_staff_privileged_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
ensure_user_token_assigns_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
expect_authenticated_check_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
expect_public_or_authenticated_check_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
federating_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
frontend_static.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
http_security_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
http_signature_plug.ex HttpSignaturePlug: accept standard (request-target) 2022-08-18 17:01:34 +02:00
idempotency_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
instance_static.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
mapped_signature_to_identity_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
o_auth_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
o_auth_scopes_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
plug_helper.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
rate_limiter.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
remote_ip.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
set_format_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
set_locale_plug.ex Merge branch 'from/upstream-develop/tusooa/translate-pages' into 'develop' 2022-03-20 18:14:37 +00:00
set_user_session_id_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
static_fe_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
trailing_format_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
uploaded_media.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
user_enabled_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
user_fetcher_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
user_is_admin_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
user_is_staff_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
user_tracking_plug.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00