Cannot verify "host" with HTTPSignatureAuth
sharpaper opened this issue · comments
sharpaper commented
When using host
in headers=
with HTTPSignatureAuth, the signature does not validate.
Example:
- makes valid signature:
headers=[ '(request-target)', 'date', 'digest' ]
- makes not valid signature:
headers=[ '(request-target)', 'host', 'date', 'digest' ]
I cannot test HTTPSignatureHeaderAuth
because there is not verify
method available.
Andrey Kislyuk commented
Thank you for submitting your bug report. I am unable to reproduce the issue that you described. If you want further assistance, please post a complete minimal test case that reproduces the problem that you encountered.