28b482874a
* Refactor signature verification a bit * Rescue signature verification if recorded public key is invalid Fixes #8822 * Always re-fetch AP signing key when HTTP Signature verification fails But when the account is not marked as stale, avoid fetching collections and media, and avoid webfinger round-trip. * Apply stoplight to key/account update as well as initial key retrieval |
||
|---|---|---|
| .. | ||
| account_controller_concern.rb | ||
| accountable_concern.rb | ||
| authorization.rb | ||
| export_controller_concern.rb | ||
| localized.rb | ||
| obfuscate_filename.rb | ||
| rate_limit_headers.rb | ||
| session_tracking_concern.rb | ||
| signature_authentication.rb | ||
| signature_verification.rb | ||
| user_tracking_concern.rb | ||