Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

accept hs2019-obfuscated http signatures #2811

Open
wants to merge 5 commits into
base: main
Choose a base branch
from

Conversation

kvibber
Copy link
Contributor

@kvibber kvibber commented Apr 9, 2023

Partial fix for #2794 (can't follow to/from GoToSocial)

hs2019 is used by some libraries to obfuscate the real algorithm per the spec https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12

Copy link
Member

@WesleyAC WesleyAC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it might be cleaner to implement this similarly to how GoToSocial does it, looping through a list of hash functions regardless of the professed algorithm, maybe prioritizing the algorithm in the header if we want to be fancy.

@kvibber
Copy link
Contributor Author

kvibber commented Apr 16, 2023

Makes sense.

I'm not sure my code is quite right here - Python's not my strongest language. Also I think I may have some issues with my dev setup, since even going back to the current main branch, it isn't picking up posts from Mastodon accounts I follow on Bookwyrm (which do show up on bookwyrm.social), so I can't test it as thoroughly as I'd like.

@jaschaurbach
Copy link
Member

@WesleyAC How do we want to proceed in this one?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants