Require signed digest when verifying signatures

This commit is contained in:
Felix Ableitner 2024-04-30 00:14:48 +02:00
parent e78e014c6c
commit 65a33da673

View file

@ -189,8 +189,11 @@ fn verify_signature_inner(
uri: &Uri, uri: &Uri,
public_key: &str, public_key: &str,
) -> Result<(), Error> { ) -> Result<(), Error> {
static CONFIG: Lazy<http_signature_normalization::Config> = static CONFIG: Lazy<http_signature_normalization::Config> = Lazy::new(|| {
Lazy::new(|| http_signature_normalization::Config::new().set_expiration(EXPIRES_AFTER)); http_signature_normalization::Config::new()
.set_expiration(EXPIRES_AFTER)
.require_digest()
});
let path_and_query = uri.path_and_query().map(PathAndQuery::as_str).unwrap_or(""); let path_and_query = uri.path_and_query().map(PathAndQuery::as_str).unwrap_or("");