From f8a72f299719d3999c02f2222076906e4b59534d Mon Sep 17 00:00:00 2001
From: William Pitcock <nenolod@dereferenced.org>
Date: Thu, 21 Feb 2019 00:23:17 +0000
Subject: [PATCH] activitypub: sign http date header

---
 lib/pleroma/web/activity_pub/activity_pub.ex | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index d1ac8172e..7e153f396 100644
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -823,11 +823,16 @@ def publish_one(%{inbox: inbox, json: json, actor: actor, id: id} = params) do
 
     digest = "SHA-256=" <> (:crypto.hash(:sha256, json) |> Base.encode64())
 
+    date =
+      NaiveDateTime.utc_now()
+      |> Timex.format!("{WDshort}, {D} {Mshort} {YYYY} {h24}:{m}:{s} GMT")
+
     signature =
       Pleroma.Web.HTTPSignatures.sign(actor, %{
         host: host,
         "content-length": byte_size(json),
-        digest: digest
+        digest: digest,
+        date: date
       })
 
     with {:ok, %{status: code}} when code in 200..299 <-
@@ -837,6 +842,7 @@ def publish_one(%{inbox: inbox, json: json, actor: actor, id: id} = params) do
                json,
                [
                  {"Content-Type", "application/activity+json"},
+                 {"Date", date},
                  {"signature", signature},
                  {"digest", digest}
                ]