Cannot verify "host" with HTTPSignatureAuth

Question

Cannot verify "host" with HTTPSignatureAuth

sharpaper opened this issue 5 years ago · comments

sharpaper commented 5 years ago

When using host in headers= with HTTPSignatureAuth, the signature does not validate.

Example:

makes valid signature: headers=[ '(request-target)', 'date', 'digest' ]
makes not valid signature: headers=[ '(request-target)', 'host', 'date', 'digest' ]

I cannot test HTTPSignatureHeaderAuth because there is not verify method available.

Andrey Kislyuk · Answer 1 · Sun Apr 26 2020 06:15:24 GMT+0800 (China Standard Time)

Thank you for submitting your bug report. I am unable to reproduce the issue that you described. If you want further assistance, please post a complete minimal test case that reproduces the problem that you encountered.