code doc
This commit is contained in:
parent
ec4e22f570
commit
d2b7c287fc
1 changed files with 3 additions and 1 deletions
|
@ -88,6 +88,7 @@ class Server {
|
|||
public static function authorize_activitypub_requests( $response, $handler, $request ) {
|
||||
$route = $request->get_route();
|
||||
|
||||
// check if it is an activitypub request and exclude webfinger and nodeinfo endpoints
|
||||
if (
|
||||
! str_starts_with( $route, '/' . ACTIVITYPUB_REST_NAMESPACE ) ||
|
||||
str_starts_with( $route, '/' . \trailingslashit( ACTIVITYPUB_REST_NAMESPACE ) . 'webfinger' ) ||
|
||||
|
@ -96,12 +97,13 @@ class Server {
|
|||
return $response;
|
||||
}
|
||||
|
||||
// POST-Requets are always signed
|
||||
if ( 'POST' === $request->get_method() ) {
|
||||
$verified_request = Signature::verify_http_signature( $request );
|
||||
if ( \is_wp_error( $verified_request ) ) {
|
||||
return $verified_request;
|
||||
}
|
||||
} elseif ( 'GET' === $request->get_method() ) {
|
||||
} elseif ( 'GET' === $request->get_method() ) { // GET-Requests are only signed in secure mode
|
||||
if ( ACTIVITYPUB_SECURE_MODE ) {
|
||||
$verified_request = Signature::verify_http_signature( $request );
|
||||
if ( \is_wp_error( $verified_request ) ) {
|
||||
|
|
Loading…
Reference in a new issue