toddsundsted / ktistec

Single user ActivityPub (https://www.w3.org/TR/activitypub/) server.
GNU Affero General Public License v3.0

Http requests signed with the `hs2019` algorithm and without `(create)` http header should be acceptable #103

Closed LindsayZhou closed 1 week ago

LindsayZhou commented 2 weeks ago

Version: 2.0.0-11 Install from: Alpine Linux package manager (apk)

The spec mentions (create) http headers as recommended; ktistec implements it as required:

https://github.com/toddsundsted/ktistec/blob/648b46397883f79a70b705c20fd3526186662bd0/src/framework/signature.cr#L80-L82

Other instances that have not implemented the (create) http header cannot interact with ktistec instances.

Gotosocial issue: https://github.com/superseriousbusiness/gotosocial/issues/2857

toddsundsted commented 1 week ago

@LindsayZhou i changed this logic to follow the kind of validation that Mastodon does.

before i merge the change, i'd like to test it. i currently have it running at https://epiktistes.com/. do you have access to a gotosocial account and can you send a follow request from that account?

toddsundsted commented 1 week ago

i pushed the changes in dd07bcae

LindsayZhou commented 1 week ago

> can you send a follow request from that account?

Sorry for the late reply. Follow request is sent.

toddsundsted commented 1 week ago

follow received and accept sent.

thank you! i think this resolves the issue.

LindsayZhou commented 1 week ago

https://moe.reisen/@lindsay/statuses/01J18TC8792KM32Z2YNSADXK99

The status becomes following. The bug is gone. Thank you!
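
Added example, not ktistec's or Mastodon's code: a Ruby check of which headers a signature covers, treating the `(created)` pseudo-header (as the HTTP Signatures draft spells it) as optional and falling back to a signed `Date` header for freshness. The 300-second skew window, the host names and the sample request are constructed assumptions, and no cryptographic verification is performed here.

```ruby
require "time"

MAX_SKEW = 300 # seconds; assumed tolerance, not a value from the thread

# Parse a Signature header of the form key="value",created=123,...
def parse_signature_header(value)
  value.scan(/(\w+)=(?:"([^"]*)"|(\d+))/).to_h { |k, quoted, bare| [k, quoted || bare] }
end

# Build the signing string for the covered headers, raising ArgumentError
# when the request should be rejected. `headers` uses lowercase names.
def signing_string(method, path, headers, params, now: Time.now)
  raise ArgumentError, "headers parameter missing" unless params["headers"]
  covered = params["headers"].split
  # Freshness needs one signed timestamp, but (created) is not the only option.
  unless covered.include?("(created)") || covered.include?("date")
    raise ArgumentError, "neither (created) nor date is signed"
  end
  if covered.include?("(created)")
    created = Integer(params["created"] || "", exception: false)
    raise ArgumentError, "(created) listed without created parameter" if created.nil?
    raise ArgumentError, "created is in the future" if created > now.to_i + MAX_SKEW
  end
  if covered.include?("date")
    date = Time.httpdate(headers["date"] || "")
    raise ArgumentError, "date outside allowed clock skew" if (now - date).abs > MAX_SKEW
  end
  covered.map do |name|
    case name
    when "(request-target)" then "(request-target): #{method.downcase} #{path}"
    when "(created)" then "(created): #{created}"
    else
      value = headers[name]
      raise ArgumentError, "#{name} not in request" if value.nil?
      "#{name}: #{value}"
    end
  end.join("\n")
end

# Constructed sample: a POST signed with hs2019 and no (created) pseudo-header.
now = Time.at(1_718_000_000).utc
sample = parse_signature_header('keyId="https://gts.example/users/a#main-key",algorithm="hs2019",' \
  'headers="(request-target) host date",signature="Y29uc3RydWN0ZWQ="')
puts signing_string("POST", "/actors/b/inbox",
  { "host" => "ktistec.example", "date" => now.httpdate }, sample, now: now)
```

The returned string is what the signature bytes would then be verified against with the sender's public key.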