Add a comment about why we don't sign object fetches when refetching actor keys

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2022-04-20 09:44:26 +02:00
parent 11bde88a02
commit df8721670a
No known key found for this signature in database
GPG key ID: A061B9DDE0CA0773

View file

@ -95,6 +95,9 @@ defmodule Mobilizon.Federation.HTTPSignatures.Signature do
actor_url = key_id_to_actor_url(kid) actor_url = key_id_to_actor_url(kid)
Logger.debug("Refetching public key for #{actor_url}") Logger.debug("Refetching public key for #{actor_url}")
# In this specific case we don't sign object fetches because
# this would cause infinite recursion when servers both need
# to fetch each other's keys
with {:ok, %Actor{} = actor} <- with {:ok, %Actor{} = actor} <-
ActivityPubActor.make_actor_from_url(actor_url, ignore_sign_object_fetches: true) do ActivityPubActor.make_actor_from_url(actor_url, ignore_sign_object_fetches: true) do
get_actor_public_key(actor) get_actor_public_key(actor)