]> cat aescling's git repositories - mastodon.git/blobdiff - app/controllers/concerns/signature_verification.rb
cat aescling's git repositories / mastodon.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix crash on receiving requests with missing Digest header (#15782)
[mastodon.git] / app / controllers / concerns / signature_verification.rb
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
index fc3978fbbdd4f31099a7891fc4522bf816c8725e..4dd0cac55da0609cf44443dd480ce327f947c833 100644 (file)
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -133,6 +133,7 @@ module SignatureVerification
 
   def verify_body_digest!
     return unless signed_headers.include?('digest')
+    raise SignatureVerificationError, 'Digest header missing' unless request.headers.key?('Digest')
 
     digests = request.headers['Digest'].split(',').map { |digest| digest.split('=', 2) }.map { |key, value| [key.downcase, value] }
     sha256  = digests.assoc('sha-256')
source code fur Kibicat Mastodon
This page took 0.037026 seconds and 3 git commands to generate.