this feels wrong, though! first of all, the ticket shows that we refuse requests signed by other software (akkoma, browser.pub), and that strongly implies that they are also not signing the query then, https://github.com/Chocobozzz/node-http-signature/blob/master/lib/signer.js#L186 only signs the path, but https://github.com/Chocobozzz/node-http-signature/blob/master/lib/parser.js#L292-L293 puts path+query in the string when verifying do we instead need to mangle `request.raw` to exclude the query when verifying? |
||
|---|---|---|
| .. | ||
| backend | ||
| frontend | ||
| frontend-embed | ||
| frontend-shared | ||
| megalodon | ||
| misskey-bubble-game | ||
| misskey-js | ||
| misskey-reversi | ||
| shared | ||
| sw | ||
| meta.json | ||