summaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
Diffstat (limited to 'core')
-rw-r--r--core/signatures.py12
1 files changed, 6 insertions, 6 deletions
diff --git a/core/signatures.py b/core/signatures.py
index 640483a..d0443c3 100644
--- a/core/signatures.py
+++ b/core/signatures.py
@@ -142,19 +142,19 @@ class HttpSignature:
Verifies that the request has a valid signature for its body
"""
# Verify body digest
- if "HTTP_DIGEST" in request.META:
+ if "digest" in request.headers:
expected_digest = HttpSignature.calculate_digest(request.body)
- if request.META["HTTP_DIGEST"] != expected_digest:
+ if request.headers["digest"] != expected_digest:
raise VerificationFormatError("Digest is incorrect")
# Verify date header
- if "HTTP_DATE" in request.META and not skip_date:
- header_date = parse_http_date(request.META["HTTP_DATE"])
+ if "date" in request.headers and not skip_date:
+ header_date = parse_http_date(request.headers["date"])
if abs(timezone.now().timestamp() - header_date) > 60:
raise VerificationFormatError("Date is too far away")
# Get the signature details
- if "HTTP_SIGNATURE" not in request.META:
+ if "signature" not in request.headers:
raise VerificationFormatError("No signature header present")
- signature_details = cls.parse_signature(request.META["HTTP_SIGNATURE"])
+ signature_details = cls.parse_signature(request.headers["signature"])
# Reject unknown algorithms
if signature_details["algorithm"] != "rsa-sha256":
raise VerificationFormatError("Unknown signature algorithm")