Fix SignatureParser accepting duplicate parameters in HTTP Signature header #37375
Merged
ClearlyClaire merged 5 commits into mastodon:main on Jan 8, 2026
ClearlyClaire approved these changes on Jan 5, 2026
ClearlyClaire requested changes on Jan 6, 2026
ClearlyClaire approved these changes on Jan 8, 2026
ClearlyClaire added a commit that referenced this pull request on Jan 16, 2026: …header (#37375) Co-authored-by: Claire <[email protected]>
Detected by SCA, fixed by myself. Please validate.
From [RFC 7235, Section 2.1](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1): Authentication parameters are name=value pairs, where the name token is matched case-insensitively, and each parameter name MUST only occur once per challenge.
Ref: mastodon/app/lib/signed_request.rb, line 91 in 628cbd2
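
A strict parser for the rule quoted above, written as an added example; it is not code from this pull request or from Mastodon's SignatureParser. The class, method and constant names are hypothetical, the token grammar is an assumption, and the sample headers are constructed.

```ruby
require 'strscan'

# Hypothetical names for this example; not Mastodon's SignatureParser.
class MalformedSignatureError < StandardError; end
class DuplicateParameterError < MalformedSignatureError; end

# Assumption: names and bare values use the HTTP token character set.
TOKEN  = /[A-Za-z0-9!\#$%&'*+.^_`|~-]+/
QUOTED = /"((?:[^"\\]|\\.)*)"/

# Parses 'name="value",name=token' pairs into a Hash keyed by the
# lower-cased parameter name, raising if any name repeats.
def parse_signature_params(header)
  scanner = StringScanner.new(header.strip)
  params = {}
  loop do
    name = scanner.scan(TOKEN) ||
           raise(MalformedSignatureError, "expected name at #{scanner.pos}")
    scanner.scan(/\s*=\s*/) ||
      raise(MalformedSignatureError, "expected '=' after #{name}")
    value = if scanner.scan(QUOTED)
              scanner[1].gsub(/\\(.)/, '\1') # undo quoted-pair escapes
            else
              scanner.scan(TOKEN) ||
                raise(MalformedSignatureError, "expected value for #{name}")
            end
    # Names match case-insensitively, so keyId and KEYID are the same name.
    key = name.downcase
    if params.key?(key)
      raise DuplicateParameterError, "parameter #{key} occurs more than once"
    end
    params[key] = value
    break if scanner.eos?
    scanner.scan(/\s*,\s*/) ||
      raise(MalformedSignatureError, "expected ',' at #{scanner.pos}")
  end
  params
end

# Constructed sample headers (not taken from real traffic).
VALID = 'keyId="https://example.com/actor#main-key",algorithm="rsa-sha256",' \
        'headers="(request-target) host date",signature="c2lnbmF0dXJl"'
DUPLICATE = 'keyId="https://a.example/actor#main-key",' \
            'KEYID="https://b.example/actor#main-key",signature="c2lnbmF0dXJl"'
```

Raising on the second occurrence, rather than keeping the first or last value, means the header has one reading for every component that handles it.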