fix request-target route,

remove $actor from verify_http_signature
This commit is contained in:
Django Doucet 2023-05-05 23:50:49 -06:00
parent 0d5c249eaf
commit dc8e1e0f3e

View file

@ -134,13 +134,11 @@ class Signature {
public static function verify_http_signature( $request ) {
if ( is_object( $request ) ) { // REST Request object
$headers = $request->get_headers();
$actor = isset( json_decode( $request->get_body() )->actor ) ? json_decode( $request->get_body() )->actor : '';
$headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' /wp-json' . $request->get_route();
$headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' /' . rest_get_url_prefix() . $request->get_route();
} else {
$request = self::format_server_request( $request );
$headers = $request['headers']; // $_SERVER array
$headers['(request-target)'][0] = strtolower( $headers['request_method'][0] ) . ' ' . $headers['request_uri'][0];
$actor = '';
}
if ( ! isset( $headers['signature'] ) ) {