Add support for special headers (created) and (expires) #10

Open

natsukagami wants to merge 3 commits from gitlab-mr-iid-8 into master

pull from: gitlab-mr-iid-8

merge into: pleroma-elixir-libraries:master

pleroma-elixir-libraries:master

pleroma-elixir-libraries:gitlab-mr-iid-10

pleroma-elixir-libraries:refetch_public_key-guard

pleroma-elixir-libraries:gitlab-mr-iid-9

pleroma-elixir-libraries:gitlab-mr-iid-6

pleroma-elixir-libraries:gitlab-mr-iid-7

pleroma-elixir-libraries:mix-lock

pleroma-elixir-libraries:gitlab-mr-iid-5

pleroma-elixir-libraries:2022-03-deps

pleroma-elixir-libraries:gitlab-mr-iid-4

pleroma-elixir-libraries:gitlab-mr-iid-3

pleroma-elixir-libraries:release/0.1.1

pleroma-elixir-libraries:gitlab-mr-iid-2

pleroma-elixir-libraries:fix/public-key-warnings

pleroma-elixir-libraries:gitlab-mr-iid-1

Conversation 0 Commits 3 Files changed 2 +62 -6

natsukagami commented 2024-06-11 18:28:54 +00:00

Member

Copy link

For these two headers you need to include them in the Signature field while signing, and read them off of the Signature header while validating. This comes from ref 11+ of the cavage draft: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.1.4

See #2, https://akkoma.dev/AkkomaGang/akkoma/issues/797, https://github.com/superseriousbusiness/gotosocial/issues/2991.

Note that the following checks are yet implemented, I wonder if you would like to include them:

• Require that created and expires are timestamps
• Require that the two timestamps are in the past/future respectively
• Require that keys including these two in the headers are not rsa, hmac or ecdsa

For these two headers you need to include them in the Signature field while signing, and read them off of the Signature header while validating. This comes from ref 11+ of the cavage draft: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.1.4 See #2, https://akkoma.dev/AkkomaGang/akkoma/issues/797, https://github.com/superseriousbusiness/gotosocial/issues/2991. **Note that the following checks are yet implemented, I wonder if you would like to include them:** - [ ] Require that `created` and `expires` are timestamps - [ ] Require that the two timestamps are in the past/future respectively - [ ] Require that keys including these two in the headers are not `rsa`, `hmac` or `ecdsa`

natsukagami added 3 commits 2026-02-06 06:29:49 +00:00

Implement support for special headers (created) and (expires) a4faa9e041

Add tests for special headers 4f92764e8a

Formatting ea7f1f0737

This pull request can be merged automatically.

This branch is out-of-date with the base branch

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin gitlab-mr-iid-8:gitlab-mr-iid-8

git switch gitlab-mr-iid-8

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch master

git merge --no-ff gitlab-mr-iid-8

git switch gitlab-mr-iid-8

git rebase master

git switch master

git merge --ff-only gitlab-mr-iid-8

git switch gitlab-mr-iid-8

git rebase master

git switch master

git merge --no-ff gitlab-mr-iid-8

git switch master

git merge --squash gitlab-mr-iid-8

git switch master

git merge --ff-only gitlab-mr-iid-8

git switch master

git merge gitlab-mr-iid-8

git push origin master

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pleroma-elixir-libraries/http_signatures!10

No description provided.