mirror of
https://github.com/versia-pub/docs.git
synced 2025-12-06 06:18:19 +01:00
Merge branch 'main' of https://github.com/versia-pub/docs
This commit is contained in:
Jesse Wierzbinski
commit
29de1a7e87
|
|
@ -19,7 +19,7 @@ Versia uses cryptographic signatures to ensure the integrity and authenticity of
|
||||||
A signature consists of a series of headers in an HTTP request. The following headers are used:
|
A signature consists of a series of headers in an HTTP request. The following headers are used:
|
||||||
- **`X-Signature`**: The signature itself, encoded in base64.
|
- **`X-Signature`**: The signature itself, encoded in base64.
|
||||||
- **`X-Signed-By`**: URI of the user who signed the request, [or the string `instance $1`, to represent the instance, where `$1` is the instance's host](/entities/instance-metadata#the-null-author).
|
- **`X-Signed-By`**: URI of the user who signed the request, [or the string `instance $1`, to represent the instance, where `$1` is the instance's host](/entities/instance-metadata#the-null-author).
|
||||||
- **`X-Nonce`**: A random string generated by the client. This is used to prevent replay attacks.
|
- **`X-Nonce`**: A random string generated by the client.
|
||||||
|
|
||||||
Signatures are **required on ALL federation traffic**. If a request does not have a signature, it **MUST** be rejected. Specifically, signatures must be put on:
|
Signatures are **required on ALL federation traffic**. If a request does not have a signature, it **MUST** be rejected. Specifically, signatures must be put on:
|
||||||
- **All POST requests**.
|
- **All POST requests**.
|
||||||
|
|
@ -155,4 +155,4 @@ const isVerified = await crypto.subtle.verify(
|
||||||
if (!isVerified) {
|
if (!isVerified) {
|
||||||
return new Response("Signature verification failed", { status: 401 });
|
return new Response("Signature verification failed", { status: 401 });
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue