From: Michael Date: Mon, 14 Jan 2019 16:33:23 +0000 (+0000) Subject: Adding the date to signed get requests as well X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=9bec20223211100895ce69a9c3abca99ecc4a326;p=friendica.git Adding the date to signed get requests as well --- diff --git a/src/Util/HTTPSignature.php b/src/Util/HTTPSignature.php index 32785a60aa..db1ea90dcb 100644 --- a/src/Util/HTTPSignature.php +++ b/src/Util/HTTPSignature.php @@ -336,14 +336,15 @@ class HTTPSignature // Header data that is about to be signed. $host = parse_url($request, PHP_URL_HOST); $path = parse_url($request, PHP_URL_PATH); + $date = DateTimeFormat::utcNow(DateTimeFormat::HTTP); - $headers = ['Host: ' . $host]; + $headers = ['Date: ' . $date, 'Host: ' . $host]; - $signed_data = "(request-target): get " . $path . "\nhost: " . $host; + $signed_data = "(request-target): get " . $path . "\ndate: ". $date . "\nhost: " . $host; $signature = base64_encode(Crypto::rsaSign($signed_data, $owner['uprvkey'], 'sha256')); - $headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) host",signature="' . $signature . '"'; + $headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) date host",signature="' . $signature . '"'; $headers[] = 'Accept: application/activity+json, application/ld+json';