Got to the bottom of some #HTTPSignature verification problems I'd been having.
It turns out #Pleroma ignores the port in the host header when signing. But only if it's a GET. If it's a POST, it includes the port. Seems weird to me...
Oh, in cases like these I don't spend too much time trying to track down the bug.
I just make the developers aware of the bug, and hopefully one of them will just know where the problem is without needing to look too hard.
@volkris Oh, I get what you mean. But I was writing some HTTP signature code and spent far too long trying to find out why what I calculated didn't match Pleroma's signatures. It took me a while to catch on that my code was right!
@volkris I don't know if I have enough fight in me left now that I've tracked the problem down to someone else's code in a language I've never used... I am trying though!