From ebdcb00d0a24fe00ed316c8a43c318b030ab95fc Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Mon, 10 Jun 2024 20:42:26 +0200
Subject: [chore] Roll back use of `(created)` pseudo-header pending #2991
 (#2992)

---
 docs/federation/federating_with_gotosocial.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'docs/federation')

diff --git a/docs/federation/federating_with_gotosocial.md b/docs/federation/federating_with_gotosocial.md
index 0fd4580ce..17a61219e 100644
--- a/docs/federation/federating_with_gotosocial.md
+++ b/docs/federation/federating_with_gotosocial.md
@@ -42,10 +42,12 @@ ED25519
 
 GoToSocial request signing is implemented in [internal/transport](https://github.com/superseriousbusiness/gotosocial/blob/main/internal/transport/signing.go).
 
-When assembling signatures:
+Once https://github.com/superseriousbusiness/gotosocial/issues/2991 is resolved, GoToSocial will use the `(created)` pseudo-header instead of `date`.
 
-- outgoing `GET` requests use `(request-target) (created) host`
-- outgoing `POST` requests use `(request-target) (created) host digest` 
+For now however, when assembling signatures:
+
+- outgoing `GET` requests use `(request-target) host date`
+- outgoing `POST` requests use `(request-target) host date digest` 
 
 GoToSocial sets the "algorithm" field in signatures to the value `hs2019`, which essentially means "derive the algorithm from metadata associated with the keyId". The *actual* algorithm used for generating signatures is `RSA_SHA256`, which is in line with other ActivityPub implementations. When validating a GoToSocial HTTP signature, remote servers can safely assume that the signature is generated using `sha256`.
 
-- 
cgit v1.2.3