From 3856bd417db790342cce89ecf96de836f9b7d8ac Mon Sep 17 00:00:00 2001 From: Colin Reeder Date: Sat, 21 Nov 2020 10:29:52 -0700 Subject: [PATCH] Explicitly add Host header so it gets signed --- src/tasks.rs | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/src/tasks.rs b/src/tasks.rs index 104f376..c8ba22b 100644 --- a/src/tasks.rs +++ b/src/tasks.rs @@ -40,11 +40,28 @@ impl<'a> TaskDef for DeliverToInbox<'a> { let mut digest_header = "SHA-256=".to_owned(); base64::encode_config_buf(digest, base64::STANDARD, &mut digest_header); - let mut req = hyper::Request::post(self.inbox.as_str().parse::()?) + let inbox_uri = self.inbox.as_str().parse::()?; + + let mut req = hyper::Request::post(&inbox_uri) .header(hyper::header::CONTENT_TYPE, crate::apub_util::ACTIVITY_TYPE) .header("Digest", digest_header) .body(self.object.into())?; + req.headers_mut() + .entry(hyper::header::HOST) + .or_insert_with(|| { + let uri = inbox_uri; + + let hostname = uri.host().expect("authority implies host"); + if let Some(port) = uri.port() { + let s = format!("{}:{}", hostname, port); + hyper::header::HeaderValue::from_str(&s) + } else { + hyper::header::HeaderValue::from_str(hostname) + } + .expect("uri host is valid header value") + }); + if let Ok(path_and_query) = crate::get_path_and_query(&self.inbox) { req.headers_mut() .insert(hyper::header::DATE, crate::apub_util::now_http_date()); -- 2.26.2