Remove api_key query param to recover signature correctly (#8579)

Co-authored-by: Saliou Diallo <saliou@audius.co>
AudiusProject · May 21, 2024 · ba268e3 · ba268e3
1 parent f531fb1
commit ba268e3
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/comms/discovery/server/signed_request.go b/comms/discovery/server/signed_request.go
@@ -53,10 +53,11 @@ func userIdForSignedGet(c echo.Context) (int32, error) {
 		return logError(errors.New("timestamp not current"))
 	}
 
-	// Strip out the app_name query parameter to get the true signature payload
+	// Strip out the app_name and api_key query parameters to get the true signature payload
 	u := *c.Request().URL
 	q := u.Query()
 	q.Del("app_name")
+	q.Del("api_key")
 	q.Del("signature")
 	u.RawQuery = q.Encode()
 	payload := []byte(u.String())