From df8721670aea006a0fbe6509a3c3865a22a12802 Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Wed, 20 Apr 2022 09:44:26 +0200
Subject: [PATCH] Add a comment about why we don't sign object fetches when refetching actor keys
Signed-off-by: Thomas Citharel
---
 lib/federation/http_signatures/signature.ex | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/federation/http_signatures/signature.ex b/lib/federation/http_signatures/signature.ex
index cebcfb271..d60598ebf 100644
--- a/lib/federation/http_signatures/signature.ex
+++ b/lib/federation/http_signatures/signature.ex
@@ -95,6 +95,9 @@ defmodule Mobilizon.Federation.HTTPSignatures.Signature do
 actor_url = key_id_to_actor_url(kid)
 Logger.debug("Refetching public key for #{actor_url}")
+ # In this specific case we don't sign object fetches because
+ # this would cause infinite recursion when servers both need
+ # to fetch each other's keys
 with {:ok, %Actor{} = actor} <-
 ActivityPubActor.make_actor_from_url(actor_url, ignore_sign_object_fetches: true) do
 get_actor_public_key(actor)
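Review bot: The new comment above the `with` explains why the fetch is unsigned but not what that costs. A remote that only answers signed GETs will presumably refuse this request, so the key refresh fails and the incoming signature stays unverified; I would add a line such as `# Servers that require signed fetches will reject this request, so the refetch (and the verification) fails`. It may also be worth noting there that `actor_url` is built from `kid`, which appears to come from the incoming signature, so this unsigned request goes to a URL the sender chose; whether `make_actor_from_url` restricts destinations is not visible in this hunk. The enclosing function starts and ends outside the hunk.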