Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Add ActivityPub secure mode (#11269)

Browse source 
* Add HTTP signature requirement for served ActivityPub resources

* Change `SECURE_MODE` to `AUTHORIZED_FETCH`

* Add 'Signature' to 'Vary' header and improve code style

* Improve code style by adding `public_fetch_mode?` method
This commit is contained in:
Eugen Rochko 2019-07-11 20:11:09 +02:00 committed by GitHub
parent 4e1260feaa
commit 5bf67ca913
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 89 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

10
app/controllers/application_controller.rb
View file

@ -36,6 +36,14 @@ class ApplicationController < ActionController::Base
Rails.env.production?
end
def authorized_fetch_mode?
ENV['AUTHORIZED_FETCH'] == 'true'
end
def public_fetch_mode?
!authorized_fetch_mode?
end
def store_current_location
store_location_for(:user, request.url) unless request.format == :json
end
@ -152,6 +160,6 @@ class ApplicationController < ActionController::Base
end
def set_cache_headers
response.headers['Vary'] = 'Accept'
response.headers['Vary'] = 'Accept, Signature'
end
end