gitea

History

Anthony Wang f53e46c721 If httpsig verification fails, fix Host header and try again This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the verification again fixes the bug.	2022-06-14 16:23:08 -05:00
..
person.go	Make sure Person IRIs are generated correctly	2022-06-14 12:30:36 -05:00
reqsignature.go	If httpsig verification fails, fix Host header and try again	2022-06-14 16:23:08 -05:00

If httpsig verification fails, fix Host header and try again

This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the verification again fixes the bug.

2022-06-14 16:23:08 -05:00

person.go

Make sure Person IRIs are generated correctly

2022-06-14 12:30:36 -05:00

reqsignature.go

If httpsig verification fails, fix Host header and try again

2022-06-14 16:23:08 -05:00