Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: require non-zero headers for Verify #184

Merged
merged 3 commits into from
May 29, 2024

Conversation

cristaloleg
Copy link
Contributor

Overview

This was shortly discussed with @renaynay. We agreed on documenting that zero trusted header is allowed but untrusted header cannot be zero. Theoretically we can enforce non-zero headers for both but this requires a bit wider discussion inside the team (which we can make in this PR).

@Wondertan
Copy link
Member

I can't recall why we allow zero headers and I don't see a reason to allow this. I guess this is an oversight? I would prefer to disallow that rather than documenting its allowed.

@cristaloleg
Copy link
Contributor Author

Yep, for me it also sounds like an oversight. During discussion with Rene was mentioned that it doesn't bite us (yet!) 'cause we do validation on a higher level.

However, this lib can and is used in the wild. Which may bring bugs to the users. Gonna add validation to the trusted header. Thanks.

Wondertan
Wondertan previously approved these changes May 27, 2024
verify.go Outdated Show resolved Hide resolved
Co-authored-by: Hlib Kanunnikov <[email protected]>
@cristaloleg cristaloleg changed the title docs: document trusted header in Verify feat: require non-zero headers for Verify May 27, 2024
@cristaloleg
Copy link
Contributor Author

@renaynay I renamed the PR.

@renaynay renaynay merged commit edbc71d into main May 29, 2024
4 checks passed
@renaynay renaynay deleted the document-verify-trusted-header branch May 29, 2024 18:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants