diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2024-01-22 15:29:01 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2024-01-22 15:29:01 +0100 |
| commit | 60d7060895dd72b1cee93d95fd3bab639e4cdfff (patch) | |
| tree | 42474a7d823d37d9c3360666ca9680c2447363c2 | |
| parent | [docs] Add a few things to the FAQ. (#2557) (diff) | |
| download | gotosocial-60d7060895dd72b1cee93d95fd3bab639e4cdfff.tar.xz | |
[docs] use latest cavage link for http signatures (#2565)
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | docs/federation/federating_with_gotosocial.md | 2 |
2 files changed, 2 insertions, 2 deletions
@@ -135,7 +135,7 @@ GoToSocial plays nice with lower-powered machines like Raspberry Pi, old laptops - Built-in, automatic support for secure HTTPS with [Let's Encrypt](https://letsencrypt.org/). - Strict privacy enforcement for posts and strict blocking logic. - Import and export allow lists and deny lists. Subscribe to community-created block lists (think Ad blocker, but for federation!). -- HTTP signature authentication: GoToSocial requires [HTTP Signatures](https://tools.ietf.org/id/draft-cavage-http-signatures-01.html) when sending and receiving messages, to ensure that your messages can't be tampered with and your identity can't be forged. +- HTTP signature authentication: GoToSocial requires [HTTP Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12) when sending and receiving messages, to ensure that your messages can't be tampered with and your identity can't be forged. ### Various federation modes diff --git a/docs/federation/federating_with_gotosocial.md b/docs/federation/federating_with_gotosocial.md index 0c7e0fe06..024571d8b 100644 --- a/docs/federation/federating_with_gotosocial.md +++ b/docs/federation/federating_with_gotosocial.md @@ -10,7 +10,7 @@ GoToSocial will also sign all outgoing `GET` and `POST` requests that it makes t This behavior is the equivalent of Mastodon's [AUTHORIZED_FETCH / "secure mode"](https://docs.joinmastodon.org/admin/config/#authorized_fetch). -GoToSocial uses the [go-fed/httpsig](https://github.com/go-fed/httpsig) library for signing outgoing requests, and for parsing and validating the signatures of incoming requests. This library strictly follows the [Cavage http signature RFC](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures), which is the same RFC used by other implementations like Mastodon, Pixelfed, Akkoma/Pleroma, etc. (This RFC has since been superceded by the [httpbis http signature RFC](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures), but this is not yet widely implemented.) +GoToSocial uses the [go-fed/httpsig](https://github.com/go-fed/httpsig) library for signing outgoing requests, and for parsing and validating the signatures of incoming requests. This library strictly follows the [Cavage http signature RFC](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12), which is the same RFC used by other implementations like Mastodon, Pixelfed, Akkoma/Pleroma, etc. (This RFC has since been superceded by the [httpbis http signature RFC](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures), but this is not yet widely implemented.) ### Incoming Requests |