Fix federation with Pleroma

[alexgleason]

Fixes a problem where federation with Pleroma would result in 400 "Invalid signature"

Here's what Pleroma sees:

[debug] Signature: Wj/gSLT5Sy96i3XdgjoGSR+qvWH7VNZsc39SoLDTpAljBzrMZtvvEy4i0VIjUwXm3tGUwspit5MiTLUHTfTx5RNWr2LYDnxAc8ccKcL3SYWN+F+1M95IDaEUt4Mf3e81dLDcZ+gRT25fNJN2JaSO1hUvjQmoo6vq0h1TtAwUfxc=
[debug] Sigstring: (request-target): post /inbox
(created): 
host: localhost:4000
digest: SHA-256=35CqeIhRQcR4LWS+RmV85RXbJiG/R483vgy8SwlsVi0=
date: Sat, 18 Feb 2023 18:58:04 GMT

Notice (created) being blank.

Unfortunately, Pleroma only supports the (request-target) (and @request-target) pseudo-headers. This is not on purpose, it's a bug in the http_signatures library used to verify requests.

I don't think it's especially important to sign the (created) header when a Digest is available, so the best course of action is to remove it.

(P.S. I'm maintaining a Deno library with Wildebeest's HTTP signature code here: https://gitlab.com/soapbox-pub/fedisign )

[alexgleason]

This broke federation with Mastodon 🤦

Can we just send the Date header even though it's "forbidden" by the Fetch API? That's what it wants.

(And it should be patched on Pleroma, but the thousands of existing servers are not going to get updated overnight.)

[alexgleason]

Superseded by #314