Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change signature verification to ignore signatures with invalid host #13033

Merged
merged 1 commit into from
Feb 3, 2020

Conversation

Gargron
Copy link
Member

@Gargron Gargron commented Feb 3, 2020

Instead of returning a signature verification error, pretend there was no signature (i.e., this does not allow access to resources that need a valid signature), so public resources can still be fetched

Fix #13011

Instead of returning a signature verification error, pretend there
was no signature (i.e., this does not allow access to resources that
need a valid signature), so public resources can still be fetched

Fix #13011
@Gargron Gargron merged commit 5265df0 into master Feb 3, 2020
@Gargron Gargron deleted the fix-catch-host-validation-error-signature branch May 8, 2020 18:25
rtucker pushed a commit to vulpineclub/mastodon that referenced this pull request Jan 7, 2021
…astodon#13033)

Instead of returning a signature verification error, pretend there
was no signature (i.e., this does not allow access to resources that
need a valid signature), so public resources can still be fetched

Fix mastodon#13011
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Fetching with an invalid signature returns HTTP 500 even when authorized_fetch is turned off
2 participants