diff options
Diffstat (limited to 'docs/federation/federating_with_gotosocial.md')
| -rw-r--r-- | docs/federation/federating_with_gotosocial.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/federation/federating_with_gotosocial.md b/docs/federation/federating_with_gotosocial.md index 947a03f9b..0fd4580ce 100644 --- a/docs/federation/federating_with_gotosocial.md +++ b/docs/federation/federating_with_gotosocial.md @@ -44,8 +44,8 @@ GoToSocial request signing is implemented in [internal/transport](https://github When assembling signatures: -- outgoing `GET` requests use `(request-target) host date` -- outgoing `POST` requests use `(request-target) host date digest` +- outgoing `GET` requests use `(request-target) (created) host` +- outgoing `POST` requests use `(request-target) (created) host digest` GoToSocial sets the "algorithm" field in signatures to the value `hs2019`, which essentially means "derive the algorithm from metadata associated with the keyId". The *actual* algorithm used for generating signatures is `RSA_SHA256`, which is in line with other ActivityPub implementations. When validating a GoToSocial HTTP signature, remote servers can safely assume that the signature is generated using `sha256`. |