chahine/rebreak-monorepo
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
rebreak-monorepo/ops/pir-server/patches/0001-absolute-issuer-request-uri.patch
chahinebrini 29bbf23405 feat(protection): iOS NEURLFilter-Spike + PIR-Server-Ops 
NEURLFilter-Stack (iOS 26): Extension RebreakURLFilter -> URLFilterExtension
umbenannt, url-filter-provider-Entitlement, Bloom-Prefilter-Extension,
PIR-Client-Config (pirServerURL/pirAuthToken via Build-Env).
PIR-Server-Ops unter ops/pir-server/ (Dockerfile, build-and-deploy, Patches,
DTS-Report). backend/scripts/generate-pir-input.ts erzeugt die PIR-Datenbank.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-21 18:09:42 +02:00

17 lines
1010 B
Diff
Raw Blame History

diff --git a/Sources/PIRService/Controllers/PrivacyPassController.swift b/Sources/PIRService/Controllers/PrivacyPassController.swift
index 816a6bb..3f71176 100644
--- a/Sources/PIRService/Controllers/PrivacyPassController.swift
+++ b/Sources/PIRService/Controllers/PrivacyPassController.swift
@@ -43,8 +43,10 @@ struct PrivacyPassController<UserAuthenticator: UserTokenAuthenticator> {
tokenKeyBase64Url: spki.base64URLEncodedString(),
notBefore: nil)
}
+ // RFC 9578 §6: issuer-request-uri MUST be absolute — NEURLFilter rejects relative URIs.
+ // Configurable via PIR_ISSUER_REQUEST_URI env var (set in docker run).
// swiftlint:disable:next force_unwrapping
- let issuerRequestUri = URL(string: "/issue")!
+ let issuerRequestUri = URL(string: ProcessInfo.processInfo.environment["PIR_ISSUER_REQUEST_URI"] ?? "/issue")!
return TokenIssuerDirectory(issuerRequestUri: issuerRequestUri, tokenKeys: tokenKeys)
}
Reference in New Issue View Git Blame Copy Permalink