httpsig icon indicating copy to clipboard operation
httpsig copied to clipboard
verified publisher icon go-fed

Fix empty path in request-target

Open anbraten opened this issue 3 years ago • 1 comments

If the path of the url is currently empty `` instead of / the signing fails.

From RFC7540 Section 8.1.2.3:

This pseudo-header field MUST NOT be empty for "http" or "https" URIs; "http" or "https" URIs that do not contain a path component MUST include a value of '/'. The exception to this rule is an OPTIONS request for an "http" or "https" URI that does not include a path component; these MUST include a ":path" pseudo-header field with a value of '*' (see [RFC7230], Section 5.3.4).

In addition I have added the (request-target) data to the actual headers when requested by the user.

anbraten avatar May 14 '22 22:05 anbraten

@cjslep is this lib still maintained ?

ref: https://github.com/woodpecker-ci/example-config-service/pull/10

6543 avatar Aug 18 '23 15:08 6543