mastodon/app/controllers/concerns
ThibG fa929d8b81
Tweak signature verification (#15069)
* Add more specific error message when request body digest is invalid

This may help other implementors debug their implementation.

* Relax Host parameter requirement to GET requests

The only POST requests processed by Mastodon need objects/actors (including
their host) to be explicitly mentioned in the request's body, so replaying
a legitimate request to another host should not be a security issue.

* Support Digest headers using multiple algorithms or lowercase alogirthm names
2020-11-01 23:38:31 +01:00
..
account_controller_concern.rb
account_owned_concern.rb
accountable_concern.rb
authorization.rb
cache_concern.rb Make Array-creation behavior of Paginable more predictable (#14687) 2020-08-31 12:47:09 +02:00
challengable_concern.rb Bump rubocop from 0.86.0 to 0.88.0 (#14412) 2020-09-01 03:04:00 +02:00
export_controller_concern.rb Refactor settings controllers (#14767) 2020-09-11 20:56:35 +02:00
localized.rb Fix not working I18n on 2FA and Sign in token page (#14087) 2020-06-20 13:30:13 +02:00
rate_limit_headers.rb
session_tracking_concern.rb
sign_in_token_authentication_concern.rb Fix not working I18n on 2FA and Sign in token page (#14087) 2020-06-20 13:30:13 +02:00
signature_authentication.rb
signature_verification.rb Tweak signature verification (#15069) 2020-11-01 23:38:31 +01:00
status_controller_concern.rb
two_factor_authentication_concern.rb Add WebAuthn as an alternative 2FA method (#14466) 2020-08-24 16:46:27 +02:00
user_tracking_concern.rb