From a764004a42fe727d3c51515e91790952cc2eb97b Mon Sep 17 00:00:00 2001
From: Django Doucet <mediaformat.ux@gmail.com>
Date: Mon, 13 Nov 2023 09:52:59 -0700
Subject: [PATCH] Ignore unknown delete actor requests

---
 includes/rest/class-server.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/includes/rest/class-server.php b/includes/rest/class-server.php
index bf89038..ec0779d 100644
--- a/includes/rest/class-server.php
+++ b/includes/rest/class-server.php
@@ -108,6 +108,13 @@ class Server {
 
 		// POST-Requets are always signed
 		if ( 'GET' !== $request->get_method() ) {
+
+			if ( Application::is_actor_delete_request( $request ) ) {
+				if ( ! Application::is_known_actor( $request ) ) {
+					return $response;
+				}
+			}
+
 			$verified_request = Signature::verify_http_signature( $request );
 			if ( \is_wp_error( $verified_request ) ) {
 				return new WP_Error( 'activitypub_signature_verification', $verified_request->get_error_message(), array( 'status' => 401 ) );