9500d00e5f
* Add more specific error message when request body digest is invalid This may help other implementors debug their implementation. * Relax Host parameter requirement to GET requests The only POST requests processed by Mastodon need objects/actors (including their host) to be explicitly mentioned in the request's body, so replaying a legitimate request to another host should not be a security issue. * Support Digest headers using multiple algorithms or lowercase alogirthm names |
||
---|---|---|
.. | ||
account_controller_concern.rb | ||
account_owned_concern.rb | ||
accountable_concern.rb | ||
authorization.rb | ||
cache_concern.rb | ||
challengable_concern.rb | ||
export_controller_concern.rb | ||
localized.rb | ||
rate_limit_headers.rb | ||
session_tracking_concern.rb | ||
sign_in_token_authentication_concern.rb | ||
signature_authentication.rb | ||
signature_verification.rb | ||
status_controller_concern.rb | ||
two_factor_authentication_concern.rb | ||
user_tracking_concern.rb |