-
Notifications
You must be signed in to change notification settings - Fork 83
Add HTTP signatures to WebFinger requests #2594
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| Significance: patch | ||
| Type: fixed | ||
|
|
||
| Mentions now work with GoToSocial and other platforms that require signed requests. |
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -215,14 +215,16 @@ public static function get_data( $uri ) { | |||||||||||||||||||||||||||||
| \rawurlencode( $identifier ) | ||||||||||||||||||||||||||||||
| ); | ||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||
| $response = \wp_safe_remote_get( | ||||||||||||||||||||||||||||||
| $webfinger_url, | ||||||||||||||||||||||||||||||
| array( | ||||||||||||||||||||||||||||||
| 'headers' => array( 'Accept' => 'application/jrd+json' ), | ||||||||||||||||||||||||||||||
| ) | ||||||||||||||||||||||||||||||
| ); | ||||||||||||||||||||||||||||||
| $set_accept_header = function ( $args ) { | ||||||||||||||||||||||||||||||
| $args['headers']['Accept'] = 'application/jrd+json'; | ||||||||||||||||||||||||||||||
| return $args; | ||||||||||||||||||||||||||||||
| }; | ||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||
| \add_filter( 'http_request_args', $set_accept_header ); | ||||||||||||||||||||||||||||||
| $response = Http::get( $webfinger_url ); | ||||||||||||||||||||||||||||||
| \remove_filter( 'http_request_args', $set_accept_header ); | ||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||
|
Comment on lines
+218
to
226
|
||||||||||||||||||||||||||||||
| $set_accept_header = function ( $args ) { | |
| $args['headers']['Accept'] = 'application/jrd+json'; | |
| return $args; | |
| }; | |
| \add_filter( 'http_request_args', $set_accept_header ); | |
| $response = Http::get( $webfinger_url ); | |
| \remove_filter( 'http_request_args', $set_accept_header ); | |
| // Set Accept header directly in the request arguments to avoid global filter side effects. | |
| $response = Http::get( $webfinger_url, array( | |
| 'headers' => array( | |
| 'Accept' => 'application/jrd+json', | |
| ), | |
| ) ); |
Copilot
AI
Dec 5, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The removal of the HTTP status code check || \wp_remote_retrieve_response_code( $response ) >= 400 means that 4xx and 5xx HTTP errors will no longer be caught and converted to WP_Error. This could allow invalid responses (like 404 or 500) to proceed to parsing, potentially causing downstream errors. The status code validation should be retained alongside the WP_Error check.
| if ( \is_wp_error( $response ) ) { | |
| if ( \is_wp_error( $response ) || \wp_remote_retrieve_response_code( $response ) >= 400 ) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The filter function directly assigns to
$args['headers']['Accept']without checking if the 'headers' key exists. If$args['headers']is not set, this will create it, but it's safer to check or use array merging to avoid potential issues with existing header configurations.