cache module break HTTP Signatures #116

Open
imlonghao opened this issue Dec 10, 2024 · 2 comments · May be fixed by darkweak/souin#589
Comments

@imlonghao

Here is the background: I set up a GoToSocial instance and put it behind Caddy with this cache module enabled.

I can't follow my account on this instance from the others like https://mastodon.social/

Then I noticed that there are lots of 401 Unauthorized logs in the instance.

I figured out that when other instances fetch my resources, they sign their HTTP requests; request_uri+Date+Host are signed.

And somehow this cache plugin overwrote the Date header, which made the signature invalid.

For example, it changed the Date header from Date: Tue, 10 Dec 2024 06:24:24 GMT to Date: Tue, 10 Dec 2024 06:24:24 UTC

@imlonghao
Author

I manually commented out this line to solve this issue.

https://github.com/darkweak/souin/blob/7fb48f52de3dc2778538ef65fd6329d998f76151/context/now.go#L23

@darkweak
Collaborator

Hi @imlonghao, I will write a patch for that to set the date only if the date is not already set in the request.

darkweak added a commit to darkweak/souin that referenced this issue Dec 22, 2024
@darkweak darkweak linked a pull request Dec 24, 2024 that will close this issue
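
The failure and the proposed fix discussed in this thread, as an added example (not code from souin, GoToSocial or any participant). Assumptions: the signing string follows the draft-cavage HTTP Signatures layout over request target, Host and Date; Ed25519 stands in for whatever key type the instances actually use; `overwriteDate`, `setDateIfMissing`, `verifyAfter` and the host `gts.example` are hypothetical. It also shows one way Go can produce the `UTC` suffix, namely formatting a UTC time with `time.RFC1123` instead of `http.TimeFormat`.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// signingString covers the three signed components named in the issue.
func signingString(r *http.Request) string {
	return strings.Join([]string{
		"(request-target): " + strings.ToLower(r.Method) + " " + r.URL.RequestURI(),
		"host: " + r.Host,
		"date: " + r.Header.Get("Date"),
	}, "\n")
}

// overwriteDate models a proxy that always replaces Date (hypothetical).
func overwriteDate(r *http.Request, now time.Time) {
	r.Header.Set("Date", now.UTC().Format(time.RFC1123)) // zone prints as "UTC"
}

// setDateIfMissing models the fix proposed in the thread (hypothetical).
func setDateIfMissing(r *http.Request, now time.Time) {
	if r.Header.Get("Date") == "" {
		r.Header.Set("Date", now.UTC().Format(http.TimeFormat)) // always "GMT"
	}
}

// verifyAfter signs a constructed request, passes it through proxy, and
// reports whether the signature still verifies plus the Date the origin sees.
func verifyAfter(proxy func(*http.Request, time.Time)) (bool, string) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil means crypto/rand
	if err != nil {
		panic(err)
	}
	now := time.Date(2024, 12, 10, 6, 24, 24, 0, time.UTC) // constructed sample
	r, _ := http.NewRequest("GET", "https://gts.example/users/alice", nil)
	r.Header.Set("Date", now.Format(http.TimeFormat))
	sig := ed25519.Sign(priv, []byte(signingString(r)))
	proxy(r, now) // the hop between signer and verifier
	return ed25519.Verify(pub, []byte(signingString(r)), sig), r.Header.Get("Date")
}

func main() {
	fmt.Println(verifyAfter(overwriteDate))
	fmt.Println(verifyAfter(setDateIfMissing))
}
```

Any intermediary that rewrites a signed header invalidates the signature even when the new value denotes the same instant, because verification is over the exact header bytes.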