Add support for special headers (created) and (expires) #10

Merged

lambadalambda merged 4 commits from gitlab-mr-iid-8 into master 2026-05-11 16:41:47 +00:00

Conversation 0 Commits 4 Files changed 2 +253 -9

natsukagami commented 2024-06-11 18:28:54 +00:00

Member

Copy link

For these two headers you need to include them in the Signature field while signing, and read them off of the Signature header while validating. This comes from ref 11+ of the cavage draft: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.1.4

See #2, https://akkoma.dev/AkkomaGang/akkoma/issues/797, https://github.com/superseriousbusiness/gotosocial/issues/2991.

Note that the following checks are yet implemented, I wonder if you would like to include them:

• Require that created and expires are timestamps
• Require that the two timestamps are in the past/future respectively
• Require that keys including these two in the headers are not rsa, hmac or ecdsa

For these two headers you need to include them in the Signature field while signing, and read them off of the Signature header while validating. This comes from ref 11+ of the cavage draft: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.1.4 See #2, https://akkoma.dev/AkkomaGang/akkoma/issues/797, https://github.com/superseriousbusiness/gotosocial/issues/2991. **Note that the following checks are yet implemented, I wonder if you would like to include them:** - [ ] Require that `created` and `expires` are timestamps - [ ] Require that the two timestamps are in the past/future respectively - [ ] Require that keys including these two in the headers are not `rsa`, `hmac` or `ecdsa`

natsukagami added 3 commits 2026-02-06 06:29:49 +00:00

Implement support for special headers (created) and (expires) a4faa9e041

Add tests for special headers 4f92764e8a

Formatting ea7f1f0737

lambadalambda added 1 commit 2026-05-11 16:13:01 +00:00

Merge master into timestamped signatures 9bc4916e2d

lambadalambda merged commit 3867dbc680 into master 2026-05-11 16:41:47 +00:00

lambadalambda referenced this pull request from a commit 2026-05-11 16:41:47 +00:00

Merge pull request 'Add support for special headers `(created)` and `(expires)`' (#10) from gitlab-mr-iid-8 into master

lambadalambda deleted branch gitlab-mr-iid-8 2026-05-11 16:42:04 +00:00

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pleroma-elixir-libraries/http_signatures!10

No description provided.