BYOK Personal Data Server (PDS) written in Go

fix(oauth): check proper host

+16 -2
+5 -1
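--- a/server/handle_oauth_par.go
+++ b/server/handle_oauth_par.go
@@ -68,7 +68,11 @@
 } else if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {
 scheme = proto
 }
-dpopProof, err := s.oauthProvider.DpopManager.CheckProof(r.Method, scheme+"://"+r.Host+r.URL.String(), r.Header, nil)
+host := r.Host
+if fwdHost := r.Header.Get("X-Forwarded-Host"); fwdHost != "" {
+host = fwdHost
+}
+dpopProof, err := s.oauthProvider.DpopManager.CheckProof(r.Method, scheme+"://"+host+r.URL.String(), r.Header, nil)
 if err != nil {
 if errors.Is(err, dpop.ErrUseDpopNonce) {
 nonce := s.oauthProvider.NextNonce()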
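Review bot: The `X-Forwarded-Host` value read at new line 72 is used unconditionally, so the URL that `CheckProof` compares the DPoP proof against is built from a header the client itself can set whenever the server is reachable without a proxy that overwrites it. That weakens the binding of a proof to this server's own endpoint, because the expected host then follows whatever the caller supplies; the `X-Forwarded-Proto` branch just above and the same block added in server/handle_oauth_token.go share the problem. Prefer deriving the URL from the server's configured public hostname, or honour the forwarded headers only for requests that arrive from a known proxy, e.g. `if fwdHost := r.Header.Get("X-Forwarded-Host"); fwdHost != "" && fromTrustedProxy(r) {`, where `fromTrustedProxy` is a placeholder for that check. The enclosing handler starts and ends outside the hunk.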
+11 -1
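--- a/server/handle_oauth_token.go
+++ b/server/handle_oauth_token.go
@@ -73,7 +73,17 @@
 ClientAssertion: req.ClientAssertion,
 }
 
-proof, err := s.oauthProvider.DpopManager.CheckProof(r.Method, r.URL.String(), r.Header, nil)
+scheme := "https"
+if r.TLS == nil && r.Header.Get("X-Forwarded-Proto") == "" {
+scheme = "http"
+} else if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {
+scheme = proto
+}
+host := r.Host
+if fwdHost := r.Header.Get("X-Forwarded-Host"); fwdHost != "" {
+host = fwdHost
+}
+proof, err := s.oauthProvider.DpopManager.CheckProof(r.Method, scheme+"://"+host+r.URL.String(), r.Header, nil)
 if err != nil {
 if errors.Is(err, dpop.ErrUseDpopNonce) {
 nonce := s.oauthProvider.NextNonce()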
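Review bot: The scheme and host derivation added at new lines 76–85 is a second copy of the block in server/handle_oauth_par.go, so any later correction to how the externally visible URL is computed has to be made twice and the two DPoP checks can drift apart. Move it into one helper and call it from both handlers, e.g. `proof, err := s.oauthProvider.DpopManager.CheckProof(r.Method, requestOrigin(r)+r.URL.String(), r.Header, nil)`, with `requestOrigin` (a proposed name) returning `scheme+"://"+host`. Give the helper a doc comment such as `// requestOrigin returns the externally visible scheme://host used as the base of the DPoP htu check.` so the security purpose of the value is stated in one place. The enclosing handler starts and ends outside the hunk.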