From ce94c8756492961158fdb0c7248aa4f83f6a019d Mon Sep 17 00:00:00 2001 From: Jesse Wierzbinski Date: Thu, 19 Sep 2024 08:08:04 +0200 Subject: [PATCH] fix: :memo: Clarify how hashes of GET request bodies are calculated --- app/signatures/page.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/signatures/page.mdx b/app/signatures/page.mdx index 2b2c204..0bd1610 100644 --- a/app/signatures/page.mdx +++ b/app/signatures/page.mdx @@ -38,7 +38,7 @@ Where: - `$0` is the HTTP method (e.g. `GET`, `POST`) in lowercase. - `$1` is the path of the request, in standard URI format (don't forget to URL-encode it). - `$2` is the nonce, a random string generated by the client. -- `$3` is the SHA-256 hash of the request body, encoded in base64. +- `$3` is the SHA-256 hash of the request body, encoded in base64. (if it's a `GET` request, this should be the hash of an empty string) Sign this string using the user's private key. The resulting signature should be encoded in base64.