* Add more specific error message when request body digest is invalid
This may help other implementors debug their implementation.
* Relax Host parameter requirement to GET requests
The only POST requests processed by Mastodon need objects/actors (including
their host) to be explicitly mentioned in the request's body, so replaying
a legitimate request to another host should not be a security issue.
* Support Digest headers using multiple algorithms or lowercase alogirthm names
raiseSignatureVerificationError,'Mastodon requires the Date header or (created) pseudo-header to be signed'unlesssigned_headers.include?('date')||signed_headers.include?('(created)')
raiseSignatureVerificationError,'Mastodon requires the Digest header or (request-target) pseudo-header to be signed'unlesssigned_headers.include?(Request::REQUEST_TARGET)||signed_headers.include?('digest')
raiseSignatureVerificationError,'Mastodon requires the Host header to be signed' unlesssigned_headers.include?('host')
raiseSignatureVerificationError,'Mastodon requires the Host header to be signed when doing a GET request' ifrequest.get?&&!signed_headers.include?('host')
raiseSignatureVerificationError,'Mastodon requires the Digest header to be signed when doing a POST request'ifrequest.post?&&!signed_headers.include?('digest')