Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please document http signature changes in security pages #822

Closed
wmurphyrd opened this issue Oct 22, 2020 · 1 comment
Closed

Please document http signature changes in security pages #822

wmurphyrd opened this issue Oct 22, 2020 · 1 comment

Comments

@wmurphyrd
Copy link

wmurphyrd commented Oct 22, 2020
edited
Loading

updated after tracking down issue
Hello, I've received an issue report that Masoton 3.2.1 servers are refusing my POSTs from gup.pe with message Mastodon requires the Digest header to be signed when doing a POST request

Current documentation at https://docs.joinmastodon.org/spec/security/#http appears to be out of date

Could you update the page so I know exactly what is required now?
@wmurphyrd wmurphyrd changed the title Please document secure mode changes to spec & security pages Please document http signature changes in security pages Oct 22, 2020
@wmurphyrd wmurphyrd mentioned this issue Oct 22, 2020
Closed
@ClearlyClaire
Copy link
Contributor

The documentation change in 34fab9a is welcome, but it doesn't solve the issue at hand.
https://docs.joinmastodon.org/spec/security/#http-sign should be updated to say that Mastodon requires the following (pseudo-)headers:

  • Date or (created)
  • Host
  • (request-target)
  • Digest if it's a POST request

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ClearlyClaire @wmurphyrd