From 083a3387fcdc74b737117a018a59a3c2e6f158bd Mon Sep 17 00:00:00 2001
From: grunfink
Date: Tue, 3 Feb 2026 07:15:22 +0100
Subject: Tweaked check_signature() for GET variables.

Instead of unconditionally stripping ? variables when retrieving the keyId,
try first calling actor_request() directly, and only strip them and retry
if it fails.
---
 http.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/http.c b/http.c
index 4f0b2fa..125d346 100644
--- a/http.c
+++ b/http.c
@@ -182,14 +182,22 @@ int check_signature(const xs_dict *req, xs_str **err)
     if ((p = strchr(keyId, '#')) != NULL)
         *p = '\0';
 
-    /* also strip cgi variables */
-    if ((p = strchr(keyId, '?')) != NULL)
-        *p = '\0';
-
     xs *actor = NULL;
     int status;
 
-    if (!valid_status((status = actor_request(NULL, keyId, &actor)))) {
+    /* does it have ? variables? */
+    if ((p = strchr(keyId, '?')) != NULL) {
+        /* try first with them */
+        if (!valid_status((status = actor_request(NULL, keyId, &actor)))) {
+            *p = '\0';
+            /* retry stripping them */
+            status = actor_request(NULL, keyId, &actor);
+        }
+    }
+    else
+        status = actor_request(NULL, keyId, &actor);
+
+    if (!valid_status(status)) {
         *err = xs_fmt("actor request error %s %d", keyId, status);
         return 0;
     }
-- 
cgit v1.2.3