diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2024-06-10 20:42:26 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2024-06-10 19:42:26 +0100 |
| commit | ebdcb00d0a24fe00ed316c8a43c318b030ab95fc (patch) | |
| tree | d898aacd114216391f0b0cdf082b6d08735721f9 /docs | |
| parent | [chore]: Bump golang.org/x/image from 0.16.0 to 0.17.0 (#2985) (diff) | |
| download | gotosocial-ebdcb00d0a24fe00ed316c8a43c318b030ab95fc.tar.xz | |
[chore] Roll back use of `(created)` pseudo-header pending #2991 (#2992)
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/federation/federating_with_gotosocial.md | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/docs/federation/federating_with_gotosocial.md b/docs/federation/federating_with_gotosocial.md index 0fd4580ce..17a61219e 100644 --- a/docs/federation/federating_with_gotosocial.md +++ b/docs/federation/federating_with_gotosocial.md @@ -42,10 +42,12 @@ ED25519 GoToSocial request signing is implemented in [internal/transport](https://github.com/superseriousbusiness/gotosocial/blob/main/internal/transport/signing.go). -When assembling signatures: +Once https://github.com/superseriousbusiness/gotosocial/issues/2991 is resolved, GoToSocial will use the `(created)` pseudo-header instead of `date`. -- outgoing `GET` requests use `(request-target) (created) host` -- outgoing `POST` requests use `(request-target) (created) host digest` +For now however, when assembling signatures: + +- outgoing `GET` requests use `(request-target) host date` +- outgoing `POST` requests use `(request-target) host date digest` GoToSocial sets the "algorithm" field in signatures to the value `hs2019`, which essentially means "derive the algorithm from metadata associated with the keyId". The *actual* algorithm used for generating signatures is `RSA_SHA256`, which is in line with other ActivityPub implementations. When validating a GoToSocial HTTP signature, remote servers can safely assume that the signature is generated using `sha256`. |