Verify HTTP signatures only when request accepts "activity+json" type

lib/pleroma/plugs/http_signature.ex

@@ -4,6 +4,7 @@
 
 defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   import Plug.Conn
+  import Phoenix.Controller, only: [get_format: 1, text: 2]
   require Logger
 
   def init(options) do
@@ -15,9 +16,13 @@ def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
   end
 
   def call(conn, _opts) do
+    if get_format(conn) == "activity+json" do
       conn
       |> maybe_assign_valid_signature()
       |> maybe_require_signature()
+    else
+      conn
+    end
   end
 
   defp maybe_assign_valid_signature(conn) do
@@ -51,7 +56,7 @@ defp maybe_require_signature(conn) do
     if Pleroma.Config.get([:activitypub, :authorized_fetch_mode], false) do
       conn
       |> put_status(:unauthorized)
-      |> Phoenix.Controller.text("Request not signed")
+      |> text("Request not signed")
       |> halt()
     else
       conn

test/plugs/http_signature_plug_test.exs

@@ -7,6 +7,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
   alias Pleroma.Web.Plugs.HTTPSignaturePlug
 
   import Plug.Conn
+  import Phoenix.Controller, only: [put_format: 2]
   import Mock
 
   test "it call HTTPSignatures to check validity if the actor sighed it" do
@@ -20,6 +21,7 @@ test "it call HTTPSignatures to check validity if the actor sighed it" do
           "signature",
           "keyId=\"http://mastodon.example.org/users/admin#main-key"
         )
+        |> put_format("activity+json")
         |> HTTPSignaturePlug.call(%{})
 
       assert conn.assigns.valid_signature == true
@@ -37,7 +39,7 @@ test "it call HTTPSignatures to check validity if the actor sighed it" do
       end)
 
       params = %{"actor" => "http://mastodon.example.org/users/admin"}
-      conn = build_conn(:get, "/doesntmattter", params)
+      conn = build_conn(:get, "/doesntmattter", params) |> put_format("activity+json")
 
       [conn: conn]
     end