Open snarfed opened 3 months ago
Similar to #30: when you get a Create, you should check that the object's attributedTo is the same actor that owns the key used in the activity's signature, usually an HTTP Signature.
Create
attributedTo
Background: https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization
Similar to #30: when you get a
Create, you should check that the object'sattributedTois the same actor that owns the key used in the activity's signature, usually an HTTP Signature.Background: https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization