versia-pub/docs
2
0
Fork 0
mirror of https://github.com/versia-pub/docs.git synced 2025-12-06 06:18:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: bug: Remove old replay attack text

Browse source
This commit is contained in:
Gaspard Wierzbinski 2024-10-05 12:10:19 +02:00 committed by GitHub
parent 8794d00853
commit 918f8bba13
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/signatures/page.mdx
View file

@ -19,7 +19,7 @@ Versia uses cryptographic signatures to ensure the integrity and authenticity of
A signature consists of a series of headers in an HTTP request. The following headers are used:
- **`X-Signature`**: The signature itself, encoded in base64.
- **`X-Signed-By`**: URI of the user who signed the request, [or the string `instance $1`, to represent the instance, where `$1` is the instance's host](/entities/instance-metadata#the-null-author).
- **`X-Nonce`**: A random string generated by the client. This is used to prevent replay attacks.
- **`X-Nonce`**: A random string generated by the client.
Signatures are **required on ALL federation traffic**. If a request does not have a signature, it **MUST** be rejected. Specifically, signatures must be put on:
- **All POST requests**.
@ -155,4 +155,4 @@ const isVerified = await crypto.subtle.verify(
if (!isVerified) {
return new Response("Signature verification failed", { status: 401 });
}
```
```