@fedify/fedify 1.7.5 → 1.7.7-pr.335.1200

package/dist/federation/middleware.test.js

@@ -3,44 +3,44 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { assertEquals } from "../assert_equals-XhPMqqO2.js";
-import { assert } from "../assert-0DSnLFa8.js";
-import { assertInstanceOf } from "../assert_instance_of-v5adm_-K.js";
+import { assertEquals } from "../assert_equals-CTYbeopb.js";
+import { assert } from "../assert-DmFG7ppO.js";
+import { assertInstanceOf } from "../assert_instance_of-CF09JHYM.js";
 import { MemoryKvStore } from "../kv-BMY6Qf_A.js";
-import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "../middleware-CrCDov2d.js";
-import { FetchError, fetchDocumentLoader } from "../docloader-BLY7GyoJ.js";
+import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "../middleware-1g7K0k5I.js";
+import { FetchError, fetchDocumentLoader } from "../docloader-B4d21jdR.js";
 import "../url-kTAI6_KP.js";
 import "../semver-DWClQt_5.js";
-import "../client-CuYHcL1K.js";
+import "../client-Ca3crT54.js";
 import { RouterError } from "../router-D_aVZZUc.js";
 import "../types-C7C_l-jz.js";
 import "../multibase-DeCHcK8L.js";
-import { Activity, Announce, Create, Invite, Multikey, Note, Object as Object$1, Offer, Person } from "../vocab-Cs1Xg69m.js";
+import { Activity, Announce, Create, Invite, Multikey, Note, Object as Object$1, Offer, Person } from "../vocab-6hEwnJ9V.js";
 import "../langstr-DbWheeIS.js";
-import "../lookup-DNZf9_oN.js";
+import "../lookup-BKdjC9iv.js";
 import { getTypeId } from "../type-D2s5lmbZ.js";
-import "../actor-D-zfQLAH.js";
-import "../key-BAckFVRH.js";
-import { signRequest, verifyRequest } from "../http-Cmpdwx_X.js";
-import { getAuthenticatedDocumentLoader } from "../authdocloader-81r40Meg.js";
-import { detachSignature, signJsonLd, verifyJsonLd } from "../ld-S8bkC8Cg.js";
-import { doesActorOwnKey } from "../owner-B5IFvDCy.js";
-import { signObject, verifyObject } from "../proof-CnQWIl9G.js";
-import { lookupObject } from "../lookup-DW0leLqq.js";
-import "../inbox-CcAueP-r.js";
-import "../builder-Cmn0cpiZ.js";
+import "../actor-C2Mfj4Qb.js";
+import "../key--MHORsOK.js";
+import { signRequest, verifyRequest } from "../http-DM-ZrUGQ.js";
+import { getAuthenticatedDocumentLoader } from "../authdocloader-CJnvh79G.js";
+import { detachSignature, signJsonLd, verifyJsonLd } from "../ld-DgQMpAqt.js";
+import { doesActorOwnKey } from "../owner-Bmyaijjl.js";
+import { signObject, verifyObject } from "../proof-Jt13veui.js";
+import { lookupObject } from "../lookup-BOXeOCAs.js";
+import "../inbox-CxhB9_EB.js";
+import "../builder-CSktHhko.js";
 import "../collection-Dfb0TPno.js";
-import "../keycache-Ce9ou6p4.js";
+import "../keycache-qwrVvJSf.js";
 import "../retry-BiIhZWgD.js";
-import "../send-IlYZ_CVt.js";
+import "../send-JhSmt6iS.js";
 import { test } from "../testing-BZ0dJ4qn.js";
-import { assertStrictEquals } from "../std__assert-CmyZxqPw.js";
-import { assertFalse, assertRejects } from "../assert_rejects-D_nYI1gs.js";
-import "../assert_is_error-Drwb_yQp.js";
-import { assertNotEquals } from "../assert_not_equals-BRPdeJ9D.js";
-import { assertThrows } from "../assert_throws-DNuPhPNp.js";
+import { assertStrictEquals } from "../std__assert-vp0TKMS1.js";
+import { assertFalse, assertRejects } from "../assert_rejects-C-sxEMM5.js";
+import "../assert_is_error-nrwA1GeT.js";
+import { assertNotEquals } from "../assert_not_equals-Dc7y-V5Q.js";
+import { assertThrows } from "../assert_throws-Cn9C6Jur.js";
 import { mockDocumentLoader } from "../docloader-09nVWLAZ.js";
-import { ed25519Multikey, ed25519PrivateKey, ed25519PublicKey, rsaPrivateKey2, rsaPrivateKey3, rsaPublicKey2, rsaPublicKey3 } from "../keys-DcrALCdq.js";
+import { ed25519Multikey, ed25519PrivateKey, ed25519PublicKey, rsaPrivateKey2, rsaPrivateKey3, rsaPublicKey2, rsaPublicKey3 } from "../keys-BoATr8-t.js";
 import { esm_default } from "../esm-CASHO3OR.js";
 
 //#region testing/fixtures/example.com/person.json

package/dist/federation/mod.d.ts

@@ -5,11 +5,11 @@ import "../docloader-Q42SMRIB.js";
 import "../client-DvtwXO7t.js";
 import "../vocab-CzEfWQk2.js";
 import "../actor-CPpvuBKU.js";
-import "../http-B8EiSgi2.js";
+import "../http-DMTrO3Ye.js";
 import "../owner-D0cOz8R5.js";
 import "../mod-CDzlVCUF.js";
 import "../lookup-Bf-K85bV.js";
-import { ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, Context, CreateExponentialBackoffPolicyOptions, CreateFederationOptions, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, Message, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, PageItems, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable } from "../context-DPggmpB4.js";
+import { ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, Context, CreateExponentialBackoffPolicyOptions, CreateFederationOptions, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, Message, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, PageItems, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable } from "../context-OBWjptjU.js";
 import { InProcessMessageQueue, InProcessMessageQueueOptions, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, ParallelMessageQueue } from "../mq-DYKDDJmp.js";
 import "../mod-g0xFzAP9.js";
 export { ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, Context, CreateExponentialBackoffPolicyOptions, CreateFederationOptions, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, KvKey, KvStore, KvStoreSetOptions, MemoryKvStore, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable };

package/dist/federation/mod.js

@@ -3,16 +3,16 @@
       import { URLPattern } from "urlpattern-polyfill";
     
 import "../transformers-ghwJuzGY.js";
-import "../docloader-Ck2GBnC3.js";
-import "../actor-CKXuhyRT.js";
-import { Router, RouterError, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable } from "../middleware-Ba2-qvzk.js";
-import "../lookup-CQ5H1v6m.js";
-import "../key-D1uKqeD5.js";
-import "../http-B6yJ2mAf.js";
-import "../proof-C6nF-oYD.js";
+import "../docloader-DcpH5qdc.js";
+import "../actor-DeD8Ssmc.js";
+import { Router, RouterError, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable } from "../middleware-BNxCJDxz.js";
+import "../lookup-CQ7kGOlJ.js";
+import "../key-E19_5jHF.js";
+import "../http-Ci4FgdSu.js";
+import "../proof-DNoyFe-l.js";
 import { InProcessMessageQueue, MemoryKvStore, ParallelMessageQueue } from "../federation-BRIQn-GV.js";
-import "../types-BAIE7lzA.js";
-import "../authdocloader-CFk80WJv.js";
-import "../vocab-BdvvrpJb.js";
+import "../types-B2aUNSNz.js";
+import "../authdocloader-CI3H7pXi.js";
+import "../vocab-B19EfPCZ.js";
 
 export { InProcessMessageQueue, MemoryKvStore, ParallelMessageQueue, Router, RouterError, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable };

package/dist/federation/mq.test.js

@@ -3,15 +3,15 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { assertEquals } from "../assert_equals-XhPMqqO2.js";
-import { assert } from "../assert-0DSnLFa8.js";
-import "../assert_instance_of-v5adm_-K.js";
+import { assertEquals } from "../assert_equals-CTYbeopb.js";
+import { assert } from "../assert-DmFG7ppO.js";
+import "../assert_instance_of-CF09JHYM.js";
 import { test } from "../testing-BZ0dJ4qn.js";
-import { assertGreater, assertGreaterOrEqual } from "../std__assert-CmyZxqPw.js";
-import { assertFalse } from "../assert_rejects-D_nYI1gs.js";
-import "../assert_is_error-Drwb_yQp.js";
-import "../assert_not_equals-BRPdeJ9D.js";
-import "../assert_throws-DNuPhPNp.js";
+import { assertGreater, assertGreaterOrEqual } from "../std__assert-vp0TKMS1.js";
+import { assertFalse } from "../assert_rejects-C-sxEMM5.js";
+import "../assert_is_error-nrwA1GeT.js";
+import "../assert_not_equals-Dc7y-V5Q.js";
+import "../assert_throws-Cn9C6Jur.js";
 import { delay } from "@es-toolkit/es-toolkit";
 
 //#region federation/mq.ts

package/dist/federation/retry.test.js

@@ -3,10 +3,10 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { AssertionError, assertEquals } from "../assert_equals-XhPMqqO2.js";
+import { AssertionError, assertEquals } from "../assert_equals-CTYbeopb.js";
 import { createExponentialBackoffPolicy } from "../retry-BiIhZWgD.js";
 import { test } from "../testing-BZ0dJ4qn.js";
-import { assertNotEquals } from "../assert_not_equals-BRPdeJ9D.js";
+import { assertNotEquals } from "../assert_not_equals-Dc7y-V5Q.js";
 
 //#region federation/retry.test.ts
 test("createExponentialBackoffPolicy()", () => {

package/dist/federation/router.test.js

@@ -3,16 +3,16 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { assertEquals } from "../assert_equals-XhPMqqO2.js";
-import { assert } from "../assert-0DSnLFa8.js";
-import "../assert_instance_of-v5adm_-K.js";
+import { assertEquals } from "../assert_equals-CTYbeopb.js";
+import { assert } from "../assert-DmFG7ppO.js";
+import "../assert_instance_of-CF09JHYM.js";
 import { Router, RouterError } from "../router-D_aVZZUc.js";
 import { test } from "../testing-BZ0dJ4qn.js";
-import "../std__assert-CmyZxqPw.js";
-import { assertFalse } from "../assert_rejects-D_nYI1gs.js";
-import "../assert_is_error-Drwb_yQp.js";
-import "../assert_not_equals-BRPdeJ9D.js";
-import { assertThrows } from "../assert_throws-DNuPhPNp.js";
+import "../std__assert-vp0TKMS1.js";
+import { assertFalse } from "../assert_rejects-C-sxEMM5.js";
+import "../assert_is_error-nrwA1GeT.js";
+import "../assert_not_equals-Dc7y-V5Q.js";
+import { assertThrows } from "../assert_throws-Cn9C6Jur.js";
 
 //#region federation/router.test.ts
 function setUp(options = {}) {

package/dist/federation/send.test.js

@@ -3,29 +3,29 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { assertEquals } from "../assert_equals-XhPMqqO2.js";
-import { assert } from "../assert-0DSnLFa8.js";
-import "../assert_instance_of-v5adm_-K.js";
-import "../docloader-BLY7GyoJ.js";
+import { assertEquals } from "../assert_equals-CTYbeopb.js";
+import { assert } from "../assert-DmFG7ppO.js";
+import "../assert_instance_of-CF09JHYM.js";
+import "../docloader-B4d21jdR.js";
 import "../url-kTAI6_KP.js";
 import "../multibase-DeCHcK8L.js";
-import { Activity, Application, Endpoints, Group, Person, Service } from "../vocab-Cs1Xg69m.js";
+import { Activity, Application, Endpoints, Group, Person, Service } from "../vocab-6hEwnJ9V.js";
 import "../langstr-DbWheeIS.js";
-import "../lookup-DNZf9_oN.js";
+import "../lookup-BKdjC9iv.js";
 import "../type-D2s5lmbZ.js";
-import "../actor-D-zfQLAH.js";
-import "../key-BAckFVRH.js";
-import { verifyRequest } from "../http-Cmpdwx_X.js";
-import { doesActorOwnKey } from "../owner-B5IFvDCy.js";
-import { extractInboxes, sendActivity } from "../send-IlYZ_CVt.js";
+import "../actor-C2Mfj4Qb.js";
+import "../key--MHORsOK.js";
+import { verifyRequest } from "../http-DM-ZrUGQ.js";
+import { doesActorOwnKey } from "../owner-Bmyaijjl.js";
+import { extractInboxes, sendActivity } from "../send-JhSmt6iS.js";
 import { test } from "../testing-BZ0dJ4qn.js";
-import "../std__assert-CmyZxqPw.js";
-import { assertFalse, assertRejects } from "../assert_rejects-D_nYI1gs.js";
-import "../assert_is_error-Drwb_yQp.js";
-import { assertNotEquals } from "../assert_not_equals-BRPdeJ9D.js";
-import "../assert_throws-DNuPhPNp.js";
+import "../std__assert-vp0TKMS1.js";
+import { assertFalse, assertRejects } from "../assert_rejects-C-sxEMM5.js";
+import "../assert_is_error-nrwA1GeT.js";
+import { assertNotEquals } from "../assert_not_equals-Dc7y-V5Q.js";
+import "../assert_throws-Cn9C6Jur.js";
 import { mockDocumentLoader } from "../docloader-09nVWLAZ.js";
-import { ed25519Multikey, ed25519PrivateKey, rsaPrivateKey2, rsaPublicKey2 } from "../keys-DcrALCdq.js";
+import { ed25519Multikey, ed25519PrivateKey, rsaPrivateKey2, rsaPublicKey2 } from "../keys-BoATr8-t.js";
 import { esm_default } from "../esm-CASHO3OR.js";
 
 //#region federation/send.test.ts

package/dist/{http-B6yJ2mAf.js → http-Ci4FgdSu.js}

@@ -2,9 +2,9 @@
       import { Temporal } from "@js-temporal/polyfill";
       import { URLPattern } from "urlpattern-polyfill";
     
-import { deno_default } from "./docloader-Ck2GBnC3.js";
-import { CryptographicKey } from "./actor-CKXuhyRT.js";
-import { fetchKey, validateCryptoKey } from "./key-D1uKqeD5.js";
+import { deno_default } from "./docloader-DcpH5qdc.js";
+import { CryptographicKey } from "./actor-DeD8Ssmc.js";
+import { fetchKey, validateCryptoKey } from "./key-E19_5jHF.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { decodeBase64, encodeBase64 } from "byte-encodings/base64";
@@ -30,8 +30,8 @@ async function signRequest(request, privateKey, keyId, options = {}) {
 		try {
 			const spec = options.spec ?? "draft-cavage-http-signatures-12";
 			let signed;
-			if (spec === "rfc9421") signed = await signRequestRfc9421(request, privateKey, keyId, span, options.currentTime);
-			else signed = await signRequestDraft(request, privateKey, keyId, span, options.currentTime);
+			if (spec === "rfc9421") signed = await signRequestRfc9421(request, privateKey, keyId, span, options.currentTime, options.body);
+			else signed = await signRequestDraft(request, privateKey, keyId, span, options.currentTime, options.body);
 			if (span.isRecording()) {
 				span.setAttribute(ATTR_HTTP_REQUEST_METHOD, signed.method);
 				span.setAttribute(ATTR_URL_FULL, signed.url);
@@ -50,10 +50,10 @@ async function signRequest(request, privateKey, keyId, options = {}) {
 		}
 	});
 }
-async function signRequestDraft(request, privateKey, keyId, span, currentTime) {
+async function signRequestDraft(request, privateKey, keyId, span, currentTime, bodyBuffer) {
 	if (privateKey.algorithm.name !== "RSASSA-PKCS1-v1_5") throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name);
 	const url = new URL(request.url);
-	const body = request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : null;
+	const body = bodyBuffer !== void 0 ? bodyBuffer : request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : null;
 	const headers = new Headers(request.headers);
 	if (!headers.has("Host")) headers.set("Host", url.host);
 	if (!headers.has("Digest") && body != null) {
@@ -184,10 +184,10 @@ function parseRfc9421Signature(signature) {
 	for (const [key, value] of Object.entries(dict)) if (value.value instanceof Uint8Array) result[key] = value.value;
 	return result;
 }
-async function signRequestRfc9421(request, privateKey, keyId, span, currentTime) {
+async function signRequestRfc9421(request, privateKey, keyId, span, currentTime, bodyBuffer) {
 	if (privateKey.algorithm.name !== "RSASSA-PKCS1-v1_5") throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name);
 	const url = new URL(request.url);
-	const body = request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : null;
+	const body = bodyBuffer !== void 0 ? bodyBuffer : request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : null;
 	const headers = new Headers(request.headers);
 	if (!headers.has("Host")) headers.set("Host", url.host);
 	if (!headers.has("Content-Digest") && body != null) {
@@ -647,11 +647,12 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 * Helper function to create a new Request for redirect handling.
 * @param request The original request.
 * @param location The redirect location.
-* @param body The request body as ArrayBuffer or undefined.
+* @param body The request body as ArrayBuffer or null.
 * @returns A new Request object for the redirect.
 */
 function createRedirectRequest(request, location, body) {
-	return new Request(location, {
+	const url = new URL(location, request.url);
+	return new Request(url, {
 		method: request.method,
 		headers: request.headers,
 		body,
@@ -680,16 +681,20 @@ async function doubleKnock(request, identity, options = {}) {
 	const { specDeterminer, log, tracerProvider } = options;
 	const origin = new URL(request.url).origin;
 	const firstTrySpec = specDeterminer == null ? "rfc9421" : await specDeterminer.determineSpec(origin);
+	const body = options.body !== void 0 ? options.body : request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : null;
 	let signedRequest = await signRequest(request, identity.privateKey, identity.keyId, {
 		spec: firstTrySpec,
-		tracerProvider
+		tracerProvider,
+		body
 	});
 	log?.(signedRequest);
 	let response = await fetch(signedRequest, { redirect: "manual" });
 	if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
 		const location = response.headers.get("Location");
-		const body = request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : void 0;
-		return doubleKnock(createRedirectRequest(request, location, body), identity, options);
+		return doubleKnock(createRedirectRequest(request, location, body), identity, {
+			...options,
+			body
+		});
 	} else if (response.status === 400 || response.status === 401 || response.status > 401) {
 		const spec = firstTrySpec === "draft-cavage-http-signatures-12" ? "rfc9421" : "draft-cavage-http-signatures-12";
 		getLogger([
@@ -704,14 +709,17 @@ async function doubleKnock(request, identity, options = {}) {
 		});
 		signedRequest = await signRequest(request, identity.privateKey, identity.keyId, {
 			spec,
-			tracerProvider
+			tracerProvider,
+			body
 		});
 		log?.(signedRequest);
 		response = await fetch(signedRequest, { redirect: "manual" });
 		if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
 			const location = response.headers.get("Location");
-			const body = request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : void 0;
-			return doubleKnock(createRedirectRequest(request, location, body), identity, options);
+			return doubleKnock(createRedirectRequest(request, location, body), identity, {
+				...options,
+				body
+			});
 		} else if (response.status !== 400 && response.status !== 401) await specDeterminer?.rememberSpec(origin, spec);
 	} else await specDeterminer?.rememberSpec(origin, firstTrySpec);
 	return response;

package/dist/{http-Cmpdwx_X.js → http-DM-ZrUGQ.js}

@@ -3,9 +3,9 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default } from "./docloader-BLY7GyoJ.js";
-import { CryptographicKey } from "./vocab-Cs1Xg69m.js";
-import { fetchKey, validateCryptoKey } from "./key-BAckFVRH.js";
+import { deno_default } from "./docloader-B4d21jdR.js";
+import { CryptographicKey } from "./vocab-6hEwnJ9V.js";
+import { fetchKey, validateCryptoKey } from "./key--MHORsOK.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
@@ -31,8 +31,8 @@ async function signRequest(request, privateKey, keyId, options = {}) {
 		try {
 			const spec = options.spec ?? "draft-cavage-http-signatures-12";
 			let signed;
-			if (spec === "rfc9421") signed = await signRequestRfc9421(request, privateKey, keyId, span, options.currentTime);
-			else signed = await signRequestDraft(request, privateKey, keyId, span, options.currentTime);
+			if (spec === "rfc9421") signed = await signRequestRfc9421(request, privateKey, keyId, span, options.currentTime, options.body);
+			else signed = await signRequestDraft(request, privateKey, keyId, span, options.currentTime, options.body);
 			if (span.isRecording()) {
 				span.setAttribute(ATTR_HTTP_REQUEST_METHOD, signed.method);
 				span.setAttribute(ATTR_URL_FULL, signed.url);
@@ -51,10 +51,10 @@ async function signRequest(request, privateKey, keyId, options = {}) {
 		}
 	});
 }
-async function signRequestDraft(request, privateKey, keyId, span, currentTime) {
+async function signRequestDraft(request, privateKey, keyId, span, currentTime, bodyBuffer) {
 	if (privateKey.algorithm.name !== "RSASSA-PKCS1-v1_5") throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name);
 	const url = new URL(request.url);
-	const body = request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : null;
+	const body = bodyBuffer !== void 0 ? bodyBuffer : request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : null;
 	const headers = new Headers(request.headers);
 	if (!headers.has("Host")) headers.set("Host", url.host);
 	if (!headers.has("Digest") && body != null) {
@@ -185,10 +185,10 @@ function parseRfc9421Signature(signature) {
 	for (const [key, value] of Object.entries(dict)) if (value.value instanceof Uint8Array) result[key] = value.value;
 	return result;
 }
-async function signRequestRfc9421(request, privateKey, keyId, span, currentTime) {
+async function signRequestRfc9421(request, privateKey, keyId, span, currentTime, bodyBuffer) {
 	if (privateKey.algorithm.name !== "RSASSA-PKCS1-v1_5") throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name);
 	const url = new URL(request.url);
-	const body = request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : null;
+	const body = bodyBuffer !== void 0 ? bodyBuffer : request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : null;
 	const headers = new Headers(request.headers);
 	if (!headers.has("Host")) headers.set("Host", url.host);
 	if (!headers.has("Content-Digest") && body != null) {
@@ -648,11 +648,12 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 * Helper function to create a new Request for redirect handling.
 * @param request The original request.
 * @param location The redirect location.
-* @param body The request body as ArrayBuffer or undefined.
+* @param body The request body as ArrayBuffer or null.
 * @returns A new Request object for the redirect.
 */
 function createRedirectRequest(request, location, body) {
-	return new Request(location, {
+	const url = new URL(location, request.url);
+	return new Request(url, {
 		method: request.method,
 		headers: request.headers,
 		body,
@@ -681,16 +682,20 @@ async function doubleKnock(request, identity, options = {}) {
 	const { specDeterminer, log, tracerProvider } = options;
 	const origin = new URL(request.url).origin;
 	const firstTrySpec = specDeterminer == null ? "rfc9421" : await specDeterminer.determineSpec(origin);
+	const body = options.body !== void 0 ? options.body : request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : null;
 	let signedRequest = await signRequest(request, identity.privateKey, identity.keyId, {
 		spec: firstTrySpec,
-		tracerProvider
+		tracerProvider,
+		body
 	});
 	log?.(signedRequest);
 	let response = await fetch(signedRequest, { redirect: "manual" });
 	if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
 		const location = response.headers.get("Location");
-		const body = request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : void 0;
-		return doubleKnock(createRedirectRequest(request, location, body), identity, options);
+		return doubleKnock(createRedirectRequest(request, location, body), identity, {
+			...options,
+			body
+		});
 	} else if (response.status === 400 || response.status === 401 || response.status > 401) {
 		const spec = firstTrySpec === "draft-cavage-http-signatures-12" ? "rfc9421" : "draft-cavage-http-signatures-12";
 		getLogger([
@@ -705,14 +710,17 @@ async function doubleKnock(request, identity, options = {}) {
 		});
 		signedRequest = await signRequest(request, identity.privateKey, identity.keyId, {
 			spec,
-			tracerProvider
+			tracerProvider,
+			body
 		});
 		log?.(signedRequest);
 		response = await fetch(signedRequest, { redirect: "manual" });
 		if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
 			const location = response.headers.get("Location");
-			const body = request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : void 0;
-			return doubleKnock(createRedirectRequest(request, location, body), identity, options);
+			return doubleKnock(createRedirectRequest(request, location, body), identity, {
+				...options,
+				body
+			});
 		} else if (response.status !== 400 && response.status !== 401) await specDeterminer?.rememberSpec(origin, spec);
 	} else await specDeterminer?.rememberSpec(origin, firstTrySpec);
 	return response;

package/dist/{http-B8EiSgi2.d.ts → http-DMTrO3Ye.d.ts}

@@ -148,6 +148,11 @@ interface SignRequestOptions {
    * @since 1.6.0
    */
   currentTime?: Temporal.Instant;
+  /**
+   * The request body as ArrayBuffer. If provided, avoids cloning the request body.
+   * @since 1.7.7
+   */
+  body?: ArrayBuffer | null;
   /**
    * The OpenTelemetry tracer provider.  If omitted, the global tracer provider
    * is used.

package/dist/{inbox-CcAueP-r.js → inbox-CxhB9_EB.js}

@@ -3,8 +3,8 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default } from "./docloader-BLY7GyoJ.js";
-import { Activity } from "./vocab-Cs1Xg69m.js";
+import { deno_default } from "./docloader-B4d21jdR.js";
+import { Activity } from "./vocab-6hEwnJ9V.js";
 import { getTypeId } from "./type-D2s5lmbZ.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";

package/dist/{key-BAckFVRH.js → key--MHORsOK.js}

@@ -3,9 +3,9 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default, getDocumentLoader } from "./docloader-BLY7GyoJ.js";
-import { CryptographicKey, Object as Object$1 } from "./vocab-Cs1Xg69m.js";
-import { isActor } from "./actor-D-zfQLAH.js";
+import { deno_default, getDocumentLoader } from "./docloader-B4d21jdR.js";
+import { CryptographicKey, Object as Object$1 } from "./vocab-6hEwnJ9V.js";
+import { isActor } from "./actor-C2Mfj4Qb.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 

package/dist/{key-Cj0F3jFv.js → key-B6feD_h3.js}

@@ -2,9 +2,9 @@
       import { Temporal } from "@js-temporal/polyfill";
       import { URLPattern } from "urlpattern-polyfill";
     
-import "./docloader-Ck2GBnC3.js";
-import "./actor-CKXuhyRT.js";
-import "./lookup-CQ5H1v6m.js";
-import { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey } from "./key-D1uKqeD5.js";
+import "./docloader-DcpH5qdc.js";
+import "./actor-DeD8Ssmc.js";
+import "./lookup-CQ7kGOlJ.js";
+import { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey } from "./key-E19_5jHF.js";
 
 export { validateCryptoKey };

package/dist/{key-rZ_Yr0Yr.js → key-CNu5TLEL.js}

@@ -3,14 +3,14 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import "./docloader-BLY7GyoJ.js";
+import "./docloader-B4d21jdR.js";
 import "./url-kTAI6_KP.js";
 import "./multibase-DeCHcK8L.js";
-import "./vocab-Cs1Xg69m.js";
+import "./vocab-6hEwnJ9V.js";
 import "./langstr-DbWheeIS.js";
-import "./lookup-DNZf9_oN.js";
+import "./lookup-BKdjC9iv.js";
 import "./type-D2s5lmbZ.js";
-import "./actor-D-zfQLAH.js";
-import { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey } from "./key-BAckFVRH.js";
+import "./actor-C2Mfj4Qb.js";
+import { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey } from "./key--MHORsOK.js";
 
 export { validateCryptoKey };

package/dist/{key-D1uKqeD5.js → key-E19_5jHF.js}

@@ -2,8 +2,8 @@
       import { Temporal } from "@js-temporal/polyfill";
       import { URLPattern } from "urlpattern-polyfill";
     
-import { deno_default, getDocumentLoader } from "./docloader-Ck2GBnC3.js";
-import { CryptographicKey, Object as Object$1, isActor } from "./actor-CKXuhyRT.js";
+import { deno_default, getDocumentLoader } from "./docloader-DcpH5qdc.js";
+import { CryptographicKey, Object as Object$1, isActor } from "./actor-DeD8Ssmc.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 

package/dist/{keycache-Ce9ou6p4.js → keycache-qwrVvJSf.js}

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { CryptographicKey, Multikey } from "./vocab-Cs1Xg69m.js";
+import { CryptographicKey, Multikey } from "./vocab-6hEwnJ9V.js";
 
 //#region federation/keycache.ts
 var KvKeyCache = class {

package/dist/{keys-DcrALCdq.js → keys-BoATr8-t.js}

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { CryptographicKey, Multikey, importSpki } from "./vocab-Cs1Xg69m.js";
+import { CryptographicKey, Multikey, importSpki } from "./vocab-6hEwnJ9V.js";
 
 //#region testing/keys.ts
 const rsaPublicKey1 = new CryptographicKey({

package/dist/{ld-S8bkC8Cg.js → ld-DgQMpAqt.js}

@@ -3,10 +3,10 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default, getDocumentLoader } from "./docloader-BLY7GyoJ.js";
-import { Activity, CryptographicKey, Object as Object$1 } from "./vocab-Cs1Xg69m.js";
+import { deno_default, getDocumentLoader } from "./docloader-B4d21jdR.js";
+import { Activity, CryptographicKey, Object as Object$1 } from "./vocab-6hEwnJ9V.js";
 import { getTypeId } from "./type-D2s5lmbZ.js";
-import { fetchKey, validateCryptoKey } from "./key-BAckFVRH.js";
+import { fetchKey, validateCryptoKey } from "./key--MHORsOK.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { decodeBase64, encodeBase64 } from "byte-encodings/base64";

package/dist/{lookup-DNZf9_oN.js → lookup-BKdjC9iv.js}

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default, getUserAgent } from "./docloader-BLY7GyoJ.js";
+import { deno_default, getUserAgent } from "./docloader-B4d21jdR.js";
 import { UrlError, validatePublicUrl } from "./url-kTAI6_KP.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";

package/dist/{lookup-DW0leLqq.js → lookup-BOXeOCAs.js}

@@ -3,9 +3,9 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default, getDocumentLoader } from "./docloader-BLY7GyoJ.js";
-import { Object as Object$1 } from "./vocab-Cs1Xg69m.js";
-import { lookupWebFinger } from "./lookup-DNZf9_oN.js";
+import { deno_default, getDocumentLoader } from "./docloader-B4d21jdR.js";
+import { Object as Object$1 } from "./vocab-6hEwnJ9V.js";
+import { lookupWebFinger } from "./lookup-BKdjC9iv.js";
 import { getTypeId } from "./type-D2s5lmbZ.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";

package/dist/{lookup-CQ5H1v6m.js → lookup-CQ7kGOlJ.js}

@@ -2,7 +2,7 @@
       import { Temporal } from "@js-temporal/polyfill";
       import { URLPattern } from "urlpattern-polyfill";
     
-import { UrlError, deno_default, getUserAgent, validatePublicUrl } from "./docloader-Ck2GBnC3.js";
+import { UrlError, deno_default, getUserAgent, validatePublicUrl } from "./docloader-DcpH5qdc.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";