Add HTTP signatures to WebFinger requests

Some ActivityPub implementations like GoToSocial require HTTP signatures
for all requests, including WebFinger lookups. Previously, WebFinger
requests were made without signatures, causing 401 Unauthorized errors
when trying to resolve mentions for users on these platforms.

This updates Webfinger::get_data() to use Http::get() which includes
HTTP signature authentication, while using a filter to override the
Accept header to the WebFinger-appropriate application/jrd+json.

Fixes #2593.

Author: obenland

includes/class-webfinger.php

@@ -215,14 +215,16 @@ public static function get_data( $uri ) {
 			\rawurlencode( $identifier )
 		);
 
-		$response = \wp_safe_remote_get(
-			$webfinger_url,
-			array(
-				'headers' => array( 'Accept' => 'application/jrd+json' ),
-			)
-		);
+		$set_accept_header = function ( $args ) {
+			$args['headers']['Accept'] = 'application/jrd+json';
+			return $args;
+		};
+
+		\add_filter( 'http_request_args', $set_accept_header );
+		$response = Http::get( $webfinger_url );
+		\remove_filter( 'http_request_args', $set_accept_header );
 
-		if ( \is_wp_error( $response ) || \wp_remote_retrieve_response_code( $response ) >= 400 ) {
+		if ( \is_wp_error( $response ) ) {
 			return new \WP_Error(
 				'webfinger_url_not_accessible',
 				__( 'The WebFinger Resource is not accessible.', 'activitypub' ),