[backend] Improved http signature verification checks
This fixes an edge case where federation with split domain instances could fail.
This commit is contained in:
parent
1f53affd76
commit
04fa6bef15
1 changed files with 7 additions and 2 deletions
|
@ -81,8 +81,13 @@ export async function checkFetch(req: IncomingMessage): Promise<number> {
|
|||
return 403;
|
||||
}
|
||||
|
||||
// もう一回チェック
|
||||
if (authUser.user.host !== host) {
|
||||
// Cannot authenticate against local user
|
||||
if (authUser.user.uri === null || authUser.user.host === null) {
|
||||
return 400;
|
||||
}
|
||||
|
||||
// Check if keyId hostname matches actor hostname
|
||||
if (toPuny(new URL(authUser.user.uri).hostname) !== host) {
|
||||
return 403;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue