if the digest is in the httpsig, we should also verify it matches content

5 years ago · f14b8d8e6e
parent f55e212238
commit f14b8d8e6e
1 changed files with 6 additions and 0 deletions
--- a/zig.go
+++ b/zig.go
@ -139,6 +139,12 @@ func zag(req *http.Request, content []byte) (string, error) {
 			if s != serverName {
 				log.Printf("caution: servername host header mismatch")
 			}
+		case "digest":
+			s = req.Header.Get(h)
+			expv := "SHA-256=" + sb64sha256(content)
+			if s != expv {
+				return "", fmt.Errorf("digest header '%s' did not match content", s)
+			}
 		default:
 			s = req.Header.Get(h)
 		}