Replace broken link to HTTP Signatures #1067
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Replace broken linkt to HTTP Signatures in security.md. The previous link instructed to redirect to an outdated audit. The new link leads to the current IETF draft for HTTP Signatures.
trwnh
suggested changes
Nov 23, 2022
content/en/spec/security.md
Outdated
| @@ -11,7 +11,7 @@ menu: | |||
|
|
|||
| {{< caption-link url="https://github.com/mastodon/mastodon/blob/master/app/lib/request.rb" caption="app/lib/request.rb" >}} | |||
|
|
|||
| [HTTP Signatures](https://w3c-dvcg.github.io/http-signatures/) is a specification for signing HTTP messages by using a \`Signature:\` header with your HTTP request. Mastodon requires the use of HTTP Signatures in order to validate that any activity received was authored by the actor generating it. When secure mode is enabled, all GET requests require HTTP signatures as well. | |||
| [HTTP Signatures](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-15) is a specification for signing HTTP messages by using a \`Signature:\` header with your HTTP request. Mastodon requires the use of HTTP Signatures in order to validate that any activity received was authored by the actor generating it. When secure mode is enabled, all GET requests require HTTP signatures as well. | |||
There was a problem hiding this comment.
Wrong link, Mastodon is currently using a different draft version: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures
There was a problem hiding this comment.
The linked draft is the successor to the deprecated one used by Mastodon as can be seen here: https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/
trwnh
added a commit
to trwnh/mastodocs
that referenced
this pull request
Nov 24, 2022
|
After reading this comment (mastodon/mastodon#21429 (comment)) in a related issue, it probably makes more sense to link to an older version of the linked document. |
Gargron
pushed a commit
that referenced
this pull request
Dec 14, 2022
* fix relrefs around trends and related entities * revert moving caption-links to middle of page * hide empty menu in table of contents * clarify edit notifs are only for boosted statuses * following/followers no longer need auth * fix typo * specify cooldown period for account Move * use the correct cooldown * add missing parameters to accounts/id/statuses * link to account_statuses_filter.rb * fix typo (#1072) * fix typo (#1073) * fix link to http sig spec (#1067) * simply HTTP request examples in api methods docs * add missing client_secret to oauth/token (#1062) * Add any, all, none to hashtag timeline * minor formatting changes * Update signature requirements and advice * fix public key -> private key * clarify use of RSA with SHA256 * Add note about saving your profile after adding rel-me link * v2 filters api * comment out params that shouldn't be used in v2 filter api * admin trends * remove old todo * canonical email blocks + scheduled statuses * remove under-construction warnings from finished pages * verify api method params with source code * fix typo (#1088) * fix broken caption-links (#1100) * fix formatting of entities (#1094) * Remove keybase section from user guide (#1093) * fix typos (#1092) * Verify limits are accurate (#1086) * add mention of iframe limitation (#1084) * Add CORS header to WEB_DOMAIN example (#1083) * Fix typo (#1081) * pin http sigs spec at draft 8 * Revert "pin http sigs spec at draft 8" This reverts commit 9fd5f70. * add case sensitivity warning to 4.0 roles * Add url length note to bio (#1087) * remove follow scope from examples (#1103) * clarify usage of update_credentials to update profile fields * add noindex to Account entitity * remove required hint from technically not required property
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Replace broken link to HTTP Signatures in security.md. The previous link instructed to redirect to an outdated audit. The new link leads to the current IETF draft for HTTP Signatures.