Please sign in to comment.
ACMEv2: Enforce POST Content-Type (when feature on) (#3532)
This commit adds a new WFE2 feature flag "EnforceV2ContentType". When enabled, the WFE2's validPostRequest function will enforce that the request carries a Content-Type header equal to application/jose+json. This is required by ACME draft-10 per section 6.2 "Request Authentication". This is behind a feature flag because it is likely to break some number of existing ACMEv2 clients that may not be sending the correct Content-Type. We are defaulting to not setting the new feature flag in test/config-next because it currently break's Certbot's acme module's revocation support and we rely on this in our V2 integration tests. Resolves #3529
- Loading branch information...
Showing with 74 additions and 8 deletions.