digitalbazaar / http-signature-header

BSD 3-Clause "New" or "Revised" License

Fix signature validation. #20

Open mattcollier opened 4 years ago

mattcollier commented 4 years ago

signature here will always be a buffer instance (if it doesn't throw for some reason) so there is no possibility it will be false.

Validation needs to be implemented in some other way(s).

https://github.com/digitalbazaar/http-signature-header/blame/c990734f1beb5b245bc6bf54e76c12ea4ed85d1d/bin/util.js#L206

dlongley commented 4 years ago

Looks like it should be checking request.params.signature one line above instead (before creating the signature buffer).

mattcollier commented 4 years ago

Might also just wrap new Buffer in a try/catch because it does throw on undefined: https://repl.it/repls/WellmadeLoudScientificcomputing
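An added example, not part of the thread and not code from http-signature-header, contrasting the always-truthy Buffer check described above with validation of the string parameter before the Buffer is created. The function names, the strict base64 pattern, and the assumption that the signature parameter is base64-encoded are illustrative; `Buffer.from` stands in for the deprecated `new Buffer`.

```javascript
// Added example; names are hypothetical, not the library's API.

// Pattern from the issue: the falsy check runs on the Buffer, which is
// always an object (truthy), so the check can never reject anything.
function decodeUnchecked(params) {
  const signature = Buffer.from(params.signature, 'base64'); // throws on undefined
  if(!signature) {
    throw new Error('signature was not specified'); // unreachable
  }
  return signature;
}

// Strict base64: groups of four characters, padding only at the end.
const BASE64 =
  /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

// Validate the string parameter first, then create the Buffer.
function decodeChecked(params) {
  const value = params ? params.signature : undefined;
  if(typeof value !== 'string' || value.length === 0) {
    throw new Error('signature was not specified');
  }
  if(!BASE64.test(value)) {
    throw new Error('signature is not valid base64');
  }
  return Buffer.from(value, 'base64');
}

// Returns the error message a decoder produces, or null when it accepts.
function rejection(decode, params) {
  try {
    decode(params);
    return null;
  } catch(e) {
    return e.message;
  }
}

// Constructed sample inputs.
const SAMPLES = [
  {signature: 'c2lnbmF0dXJl'},   // well-formed base64
  {signature: ''},               // empty string decodes to an empty Buffer
  {signature: '!!not base64!!'}, // decoder does not throw on bad characters
  {}                             // parameter missing
];

for(const s of SAMPLES) {
  console.log(JSON.stringify(s), '| unchecked:',
    rejection(decodeUnchecked, s), '| checked:', rejection(decodeChecked, s));
}
```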

aljones15 commented 3 years ago

This can be closed with the next release, version 2.0.0.