versia-pub/api
2
0
Fork 0
mirror of https://github.com/versia-pub/api.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(federation): 🐛 Use encodeURI instead of encodeURIComponent

Browse source 
This method doesn't improperly URLencode the *entire* path including the slashes
This commit is contained in:
Jesse Wierzbinski 2025-02-18 12:16:39 +01:00
parent ae5c3bb281
commit f3cfcc746a
No known key found for this signature in database
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
federation/cryptography/index.ts
View file

@ -152,7 +152,7 @@ export class SignatureValidator {
new TextEncoder().encode(body),
);
const expectedSignedString = `${method.toLowerCase()} ${encodeURIComponent(url.pathname)} ${timestamp.getTime() / 1000} ${arrayBufferToBase64(digest)}`;
const expectedSignedString = `${method.toLowerCase()} ${encodeURI(url.pathname)} ${timestamp.getTime() / 1000} ${arrayBufferToBase64(digest)}`;
// Check if signed string is valid
const isValid = await crypto.subtle.verify(
@ -305,7 +305,7 @@ export class SignatureConstructor {
new TextEncoder().encode(body ?? ""),
);
const signedString = `${requestOrMethod.toLowerCase()} ${encodeURIComponent(
const signedString = `${requestOrMethod.toLowerCase()} ${encodeURI(
url.pathname,
)} ${finalTimestamp.getTime() / 1000} ${arrayBufferToBase64(digest)}`;