if the digest is in the httpsig, we should also verify it matches content
Ted Unangst tedu@tedunangst.com
Tue, 21 May 2019 15:44:58 -0400
1 files changed,
6 insertions(+),
0 deletions(-)
M
zig.go
→
zig.go
@@ -139,6 +139,12 @@ s = req.Host
 if s != serverName {
 log.Printf("caution: servername host header mismatch")
 }
+ case "digest":
+ s = req.Header.Get(h)
+ expv := "SHA-256=" + sb64sha256(content)
+ if s != expv {
+ return "", fmt.Errorf("digest header '%s' did not match content", s)
+ }
 default:
 s = req.Header.Get(h)
 }
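Review bot: The digest comparison in the new `case "digest":` branch only runs when the sender listed `digest` among the signed headers, so a signature that omits it still verifies while the body stays unbound to the signature. If this function is the only place the body is authenticated (the header loop and its callers are outside the hunk, so that is an assumption), consider recording `sawDigest = true` in this branch and rejecting after the loop with something like `if len(content) > 0 && !sawDigest { return "", fmt.Errorf("signature does not cover digest") }`. The exact string match will also reject a header that spells the algorithm `sha-256=` or carries several digests, and the error would be safer to format with `%q` than `'%s'` because `s` is request-controlled.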