mirror of
https://github.com/jointakahe/takahe.git
synced 2024-06-02 13:29:34 +00:00
Add header allowlist
parent
1dec02f89c
commit
3c6820cfe3
|
@ -69,6 +69,15 @@ class HttpSignature:
|
|||
Allows for calculation and verification of HTTP signatures
|
||||
"""
|
||||
|
||||
#: Headers we should consider when producing signatures
|
||||
HEADERS_FOR_SIGNING = {
|
||||
"date",
|
||||
"host",
|
||||
"(request-target)",
|
||||
"content-type",
|
||||
"content-length",
|
||||
}
|
||||
|
||||
@classmethod
|
||||
def calculate_digest(cls, data, algorithm="sha-256") -> str:
|
||||
"""
|
||||
|
@ -211,7 +220,9 @@ class HttpSignature:
|
|||
|
||||
# Sign the headers
|
||||
signing_headers = [
|
||||
key for key in request.headers.keys() if key.lower() != "user-agent"
|
||||
key
|
||||
for key in request.headers.keys()
|
||||
if key.lower() in cls.HEADERS_FOR_SIGNING
|
||||
]
|
||||
signed_string = "\n".join(
|
||||
f"{name.lower()}: {value}"
|
||||
|
|
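Review bot: The new `HEADERS_FOR_SIGNING` set has no `"digest"` entry, so the filter in the second hunk (`if key.lower() in cls.HEADERS_FOR_SIGNING`) drops any `Digest` header from `signing_headers` and the signature no longer covers the request body. Whether the request carries a `Digest` header is decided outside these hunks, but `calculate_digest` sits directly below the set, which suggests it does. As written, `content-length` is signed while the body hash is not, so a body of the same length could be swapped without invalidating the signature, and peers that require a signed digest on POST would likely reject the request. I would add `"digest",` to the set and extend the comment to `#: Lowercased header names we include when producing signatures; anything else on the request is left unsigned`. The signing method's body starts and ends outside the hunk, so please also confirm that `(request-target)` is actually present in `request.headers` at this point; otherwise that entry never matches.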