From be69efdee36652bcdead12f39ea0f1193085532f Mon Sep 17 00:00:00 2001
From: Nutomic <me@nutomic.com>
Date: Thu, 2 May 2024 10:58:56 +0200
Subject: [PATCH] Require signed digest when verifying signatures (#109)

---
 src/http_signatures.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/http_signatures.rs b/src/http_signatures.rs
index 7e26e8d..1f4e15b 100644
--- a/src/http_signatures.rs
+++ b/src/http_signatures.rs
@@ -189,8 +189,11 @@ fn verify_signature_inner(
     uri: &Uri,
     public_key: &str,
 ) -> Result<(), Error> {
-    static CONFIG: Lazy<http_signature_normalization::Config> =
-        Lazy::new(|| http_signature_normalization::Config::new().set_expiration(EXPIRES_AFTER));
+    static CONFIG: Lazy<http_signature_normalization::Config> = Lazy::new(|| {
+        http_signature_normalization::Config::new()
+            .set_expiration(EXPIRES_AFTER)
+            .require_digest()
+    });
 
     let path_and_query = uri.path_and_query().map(PathAndQuery::as_str).unwrap_or("");