backups/grapevine
1
0
Fork 0
mirror of https://gitlab.computer.surgery/matrix/grapevine.git synced 2025-12-18 00:01:24 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
grapevine/book
History
Lambda ca6bc74074 Fix X-Matrix signature validation for incoming requests 
For HTTP/1 requests, an inbound Request's URI contains only the path and
query parameters, since there's no way to synthesize the authority part.
This is exactly what we need for the X-Matrix "uri" field.

HTTP/2 requests however can contain the :authority pseudo-header, which
is used to populate the Request's URI. Using a URL that includes an
authority breaks the signature check.

Largely inspired by conduit MR !631
(https://gitlab.com/famedly/conduit/-/merge_requests/631).

Co-authored-by: strawberry <strawberry@puppygock.gay>
2024-09-19 16:25:23 +00:00
..
changelog.md Fix X-Matrix signature validation for incoming requests 2024-09-19 16:25:23 +00:00
code-of-conduct.md add a code of conduct 2024-06-17 16:39:22 -07:00
contributing.md add a page about contributing in general 2024-06-17 16:39:22 -07:00
introduction.md fill in the introduction section 2024-06-17 16:39:22 -07:00
SUMMARY.md add and backfill changelog 2024-06-17 16:39:22 -07:00