From: Michael <heluecht@pirati.ca>
Date: Mon, 14 Jan 2019 16:33:23 +0000 (+0000)
Subject: Adding the date to signed get requests as well
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=9bec20223211100895ce69a9c3abca99ecc4a326;p=friendica.git

Adding the date to signed get requests as well
---

diff --git a/src/Util/HTTPSignature.php b/src/Util/HTTPSignature.php
index 32785a60aa..db1ea90dcb 100644
--- a/src/Util/HTTPSignature.php
+++ b/src/Util/HTTPSignature.php
@@ -336,14 +336,15 @@ class HTTPSignature
 		// Header data that is about to be signed.
 		$host = parse_url($request, PHP_URL_HOST);
 		$path = parse_url($request, PHP_URL_PATH);
+		$date = DateTimeFormat::utcNow(DateTimeFormat::HTTP);
 
-		$headers = ['Host: ' . $host];
+		$headers = ['Date: ' . $date, 'Host: ' . $host];
 
-		$signed_data = "(request-target): get " . $path . "\nhost: " . $host;
+		$signed_data = "(request-target): get " . $path . "\ndate: ". $date . "\nhost: " . $host;
 
 		$signature = base64_encode(Crypto::rsaSign($signed_data, $owner['uprvkey'], 'sha256'));
 
-		$headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) host",signature="' . $signature . '"';
+		$headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) date host",signature="' . $signature . '"';
 
 		$headers[] = 'Accept: application/activity+json, application/ld+json';