qugalet/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2024-11-22 11:46:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

drop date (#2969)

Browse source
This commit is contained in:
tobi 2024-06-06 13:50:56 +02:00 committed by GitHub
parent 5dcc954072
commit 131020faeb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docs/federation/federating_with_gotosocial.md
View file

@ -44,8 +44,8 @@ GoToSocial request signing is implemented in [internal/transport](https://github
When assembling signatures: When assembling signatures:
- outgoing `GET` requests use `(request-target) host date` - outgoing `GET` requests use `(request-target) (created) host`
- outgoing `POST` requests use `(request-target) host date digest` - outgoing `POST` requests use `(request-target) (created) host digest`
GoToSocial sets the "algorithm" field in signatures to the value `hs2019`, which essentially means "derive the algorithm from metadata associated with the keyId". The *actual* algorithm used for generating signatures is `RSA_SHA256`, which is in line with other ActivityPub implementations. When validating a GoToSocial HTTP signature, remote servers can safely assume that the signature is generated using `sha256`. GoToSocial sets the "algorithm" field in signatures to the value `hs2019`, which essentially means "derive the algorithm from metadata associated with the keyId". The *actual* algorithm used for generating signatures is `RSA_SHA256`, which is in line with other ActivityPub implementations. When validating a GoToSocial HTTP signature, remote servers can safely assume that the signature is generated using `sha256`.

4
internal/transport/signing.go
View file

@ -25,8 +25,8 @@
// http signer preferences // http signer preferences
prefs = []httpsig.Algorithm{httpsig.RSA_SHA256} prefs = []httpsig.Algorithm{httpsig.RSA_SHA256}
digestAlgo = httpsig.DigestSha256 digestAlgo = httpsig.DigestSha256
getHeaders = []string{httpsig.RequestTarget, "host", "date"} getHeaders = []string{httpsig.RequestTarget, "(created)", "host"}
postHeaders = []string{httpsig.RequestTarget, "host", "date", "digest"} postHeaders = []string{httpsig.RequestTarget, "(created)", "host", "digest"}
) )
// NewGETSigner returns a new httpsig.Signer instance initialized with GTS GET preferences. // NewGETSigner returns a new httpsig.Signer instance initialized with GTS GET preferences.