See #853: force authenticated ActivityPub checks when allow-list is enabled
See #853 (closed)
Simple check to enforce authenticated fetches (with an HTTP signature) when allow-listing is enabled:
- Return a 403 if no signature is present
- Return a 403 if a signature is present but not from an allowed domain
cc @funkwhale/reviewers-python
Edited by Agate
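
The two 403 cases listed in the description above, as an added Python example that is not Funkwhale's code and not taken from this merge request. The function names, the plain `headers` dict and the `verify_signature` callable (standing in for cryptographic verification against the actor's public key) are assumptions made for illustration; the domain is read from the `keyId` parameter of the `Signature` header and matched exactly against the allow-list.

```python
import re
from urllib.parse import urlsplit

# key="value" pairs as they appear in an HTTP Signature header.
_PARAM_RE = re.compile(r'(\w+)="([^"]*)"')


def signature_key_domain(signature_header):
    """Return the lowercased host of the signature's keyId, or None."""
    if not signature_header:
        return None
    key_id = dict(_PARAM_RE.findall(signature_header)).get("keyId")
    if not key_id:
        return None
    try:
        parts = urlsplit(key_id)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def check_fetch(headers, allow_list_enabled, allowed_domains, verify_signature):
    """Return 200 or 403 for an incoming ActivityPub fetch.

    verify_signature(headers) is a hypothetical callable that returns True
    only if the signature validates against the key named by keyId.
    """
    if not allow_list_enabled:
        return 200  # without allow-listing, unsigned fetches stay permitted
    domain = signature_key_domain(headers.get("Signature"))
    if domain is None:
        return 403  # no usable signature present
    if not verify_signature(headers):
        return 403  # a keyId alone proves nothing; the signature must validate
    if domain not in allowed_domains:
        return 403  # signed, but by a domain outside the allow-list
    return 200


# Constructed sample header; the signature value is a placeholder.
SAMPLE = ('keyId="https://pod.example/actors/alice#main-key",'
          'algorithm="rsa-sha256",headers="(request-target) host date",'
          'signature="Y29uc3RydWN0ZWQ="')
```

Exact host matching matters here: a suffix or substring comparison would let `pod.example.attacker.test` pass as `pod.example`.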