mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2024-11-24 20:56:39 +00:00
parent
69aba377bc
commit
ebdcb00d0a
|
@ -42,10 +42,12 @@ ED25519
|
||||||
|
|
||||||
GoToSocial request signing is implemented in [internal/transport](https://github.com/superseriousbusiness/gotosocial/blob/main/internal/transport/signing.go).
|
GoToSocial request signing is implemented in [internal/transport](https://github.com/superseriousbusiness/gotosocial/blob/main/internal/transport/signing.go).
|
||||||
|
|
||||||
When assembling signatures:
|
Once https://github.com/superseriousbusiness/gotosocial/issues/2991 is resolved, GoToSocial will use the `(created)` pseudo-header instead of `date`.
|
||||||
|
|
||||||
- outgoing `GET` requests use `(request-target) (created) host`
|
For now however, when assembling signatures:
|
||||||
- outgoing `POST` requests use `(request-target) (created) host digest`
|
|
||||||
|
- outgoing `GET` requests use `(request-target) host date`
|
||||||
|
- outgoing `POST` requests use `(request-target) host date digest`
|
||||||
|
|
||||||
GoToSocial sets the "algorithm" field in signatures to the value `hs2019`, which essentially means "derive the algorithm from metadata associated with the keyId". The *actual* algorithm used for generating signatures is `RSA_SHA256`, which is in line with other ActivityPub implementations. When validating a GoToSocial HTTP signature, remote servers can safely assume that the signature is generated using `sha256`.
|
GoToSocial sets the "algorithm" field in signatures to the value `hs2019`, which essentially means "derive the algorithm from metadata associated with the keyId". The *actual* algorithm used for generating signatures is `RSA_SHA256`, which is in line with other ActivityPub implementations. When validating a GoToSocial HTTP signature, remote servers can safely assume that the signature is generated using `sha256`.
|
||||||
|
|
||||||
|
|
|
@ -25,8 +25,10 @@
|
||||||
// http signer preferences
|
// http signer preferences
|
||||||
prefs = []httpsig.Algorithm{httpsig.RSA_SHA256}
|
prefs = []httpsig.Algorithm{httpsig.RSA_SHA256}
|
||||||
digestAlgo = httpsig.DigestSha256
|
digestAlgo = httpsig.DigestSha256
|
||||||
getHeaders = []string{httpsig.RequestTarget, "(created)", "host"}
|
|
||||||
postHeaders = []string{httpsig.RequestTarget, "(created)", "host", "digest"}
|
// TODO: Update these to use `(created)` pseudo-header instead of `Date`.
|
||||||
|
getHeaders = []string{httpsig.RequestTarget, "host", "date"}
|
||||||
|
postHeaders = []string{httpsig.RequestTarget, "host", "date", "digest"}
|
||||||
)
|
)
|
||||||
|
|
||||||
// NewGETSigner returns a new httpsig.Signer instance initialized with GTS GET preferences.
|
// NewGETSigner returns a new httpsig.Signer instance initialized with GTS GET preferences.
|
||||||
|
|
Loading…
Reference in a new issue