From 3224f07253d6d1b6f48aee5a07681c4a9e2da58d Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Wed, 27 Nov 2019 13:54:21 +0100
Subject: [PATCH] Ensure signature code doesn't crash on (request-target)
 signature

---
 api/funkwhale_api/federation/signing.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/api/funkwhale_api/federation/signing.py b/api/funkwhale_api/federation/signing.py
index 5b7a9b8d..0d922d32 100644
--- a/api/funkwhale_api/federation/signing.py
+++ b/api/funkwhale_api/federation/signing.py
@@ -67,6 +67,9 @@ def verify_django(django_request, public_key):
     expected = signature_headers.split(" ")
     logger.debug("Signature expected headers: %s", expected)
     for header in expected:
+        if header == "(request-target)":
+            # this one represent the request body, so not an actual HTTP header
+            continue
         try:
             headers[header]
         except KeyError:
-- 
GitLab