We are in a limbo state when the request went to https://domain and the library receives the X-Forwarded-Port for port 443. It will add https://domain:443 to the signature and the signatures will not match. Only in cases where the port was explicitly added we should add it to the signature. I dont know how we can check this yet. My suggestion perhaps is to accept both hashes or think really hard if there is no other way we can identify this.
We are in a limbo state when the request went to https://domain and the library receives the X-Forwarded-Port for port 443. It will add https://domain:443 to the signature and the signatures will not match. Only in cases where the port was explicitly added we should add it to the signature. I dont know how we can check this yet. My suggestion perhaps is to accept both hashes or think really hard if there is no other way we can identify this.