versia-pub/docs
2
0
Fork 0
mirror of https://github.com/versia-pub/docs.git synced 2025-12-06 14:28:20 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: 📝 Add instance hostnames to entity signatures

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-09-19 08:14:44 +02:00
parent 408a70756b
commit a3c0d8eaa9
No known key found for this signature in database
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/entities/instance-metadata/page.mdx
View file

@ -9,7 +9,7 @@ Contains metadata about a Versia instance, such as capabilities and endpoints. {
## The `null` Author ## The `null` Author
On all entities that have an `author` field, the `author` can be `null` to represent the instance itself as the author (like ActivityPub's Server Actors). In this case, the instance's public key should be used to verify the entity. On all entities that have an `author` field, the `author` can be `null` to represent the instance itself as the author (like ActivityPub's Server Actors). In this case, the instance's public key should be used to verify the entity. To know which instance's public key to use, the entity signature should be used.
## Entity Definition ## Entity Definition

2
app/signatures/page.mdx
View file

@ -18,7 +18,7 @@ Versia uses cryptographic signatures to ensure the integrity and authenticity of
A signature consists of a series of headers in an HTTP request. The following headers are used: A signature consists of a series of headers in an HTTP request. The following headers are used:
- **`X-Signature`**: The signature itself, encoded in base64. - **`X-Signature`**: The signature itself, encoded in base64.
- **`X-Signed-By`**: URI of the user who signed the request, [or the string `instance` to represent the instance](/entities/instance-metadata#the-null-author). - **`X-Signed-By`**: URI of the user who signed the request, [or the string `instance $1`, to represent the instance, where `$1` is the instance's host](/entities/instance-metadata#the-null-author).
- **`X-Nonce`**: A random string generated by the client. This is used to prevent replay attacks. - **`X-Nonce`**: A random string generated by the client. This is used to prevent replay attacks.
Signatures are **required on ALL federation traffic**. If a request does not have a signature, it **MUST** be rejected. Specifically, signatures must be put on: Signatures are **required on ALL federation traffic**. If a request does not have a signature, it **MUST** be rejected. Specifically, signatures must be put on: