Request headers are not signed? #910

Closed
opened 3 years ago by Ghost · 5 comments
Ghost commented 3 years ago

When sending ActivityPub updates to a mastodon instance, the requests are rejected by Mastodon because the Host header is not signed. The Plume logs show:

Successfully sent activity to inbox (https://toot.kuba-orlik.name/inbox)
Response: "b"Mastodon requires the Host header to be signed""
When sending ActivityPub updates to a mastodon instance, the requests are rejected by Mastodon because the `Host` header is not signed. The Plume logs show: ``` Successfully sent activity to inbox (https://toot.kuba-orlik.name/inbox) Response: "b"Mastodon requires the Host header to be signed"" ```
Owner

Thank you reporting. Which version do you use?

Plume v0.6.0 (or earler) doesn't signature Host header. But latest main branch and Docker image does.

I'm aware I should release next version soon, but if you need the feature soon, can you try latest unstable version?

Thank you reporting. Which version do you use? Plume v0.6.0 (or earler) doesn't signature Host header. But latest `main` branch and Docker image does. I'm aware I should release next version soon, but if you need the feature soon, can you try latest unstable version?
Owner

Note: fediverse.blog logs the same error:

Mar 28 17:46:36 fediverse.blog plume[12462]: Response: "b"Mastodon requires the Host header to be signed""
Mar 28 17:46:36 fediverse.blog plume[12462]: Successfully sent activity to inbox (https://computerfairi.es/inbox)
Mar 28 17:46:36 fediverse.blog plume[12462]: Response: "b"Mastodon requires the Host header to be signed""
Mar 28 17:46:36 fediverse.blog plume[12462]: Successfully sent activity to inbox (https://toot.site/inbox)

Its current revision is d0dd23a.

Note: fediverse.blog logs the same error: Mar 28 17:46:36 fediverse.blog plume[12462]: Response: "b"Mastodon requires the Host header to be signed"" Mar 28 17:46:36 fediverse.blog plume[12462]: Successfully sent activity to inbox (https://computerfairi.es/inbox) Mar 28 17:46:36 fediverse.blog plume[12462]: Response: "b"Mastodon requires the Host header to be signed"" Mar 28 17:46:36 fediverse.blog plume[12462]: Successfully sent activity to inbox (https://toot.site/inbox) Its current revision is d0dd23a.
Ghost commented 3 years ago
Poster

I was on 0.6.0 when this issue occured. I currently don't have resources to try a different version at the moment

I was on 0.6.0 when this issue occured. I currently don't have resources to try a different version at the moment
Owner

Okay, next release should include the fix.

Okay, next release should include the fix.
Owner

@Ghost v0.7.0 which includes fix for this issue, has been released!

@Ghost v0.7.0 which includes fix for this issue, has been released!
KitaitiMakoto closed this issue 2 years ago
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Plume/Plume#910
Loading…
There is no content yet.