-
-
Notifications
You must be signed in to change notification settings - Fork 965
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace broken link to HTTP Signatures #1067
Conversation
Replace broken linkt to HTTP Signatures in security.md. The previous link instructed to redirect to an outdated audit. The new link leads to the current IETF draft for HTTP Signatures.
content/en/spec/security.md
Outdated
@@ -11,7 +11,7 @@ menu: | |||
|
|||
{{< caption-link url="https://github.com/mastodon/mastodon/blob/master/app/lib/request.rb" caption="app/lib/request.rb" >}} | |||
|
|||
[HTTP Signatures](https://w3c-dvcg.github.io/http-signatures/) is a specification for signing HTTP messages by using a \`Signature:\` header with your HTTP request. Mastodon requires the use of HTTP Signatures in order to validate that any activity received was authored by the actor generating it. When secure mode is enabled, all GET requests require HTTP signatures as well. | |||
[HTTP Signatures](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-15) is a specification for signing HTTP messages by using a \`Signature:\` header with your HTTP request. Mastodon requires the use of HTTP Signatures in order to validate that any activity received was authored by the actor generating it. When secure mode is enabled, all GET requests require HTTP signatures as well. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wrong link, Mastodon is currently using a different draft version: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The linked draft is the successor to the deprecated one used by Mastodon as can be seen here: https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/
After reading this comment (mastodon/mastodon#21429 (comment)) in a related issue, it probably makes more sense to link to an older version of the linked document. |
* fix relrefs around trends and related entities * revert moving caption-links to middle of page * hide empty menu in table of contents * clarify edit notifs are only for boosted statuses * following/followers no longer need auth * fix typo * specify cooldown period for account Move * use the correct cooldown * add missing parameters to accounts/id/statuses * link to account_statuses_filter.rb * fix typo (#1072) * fix typo (#1073) * fix link to http sig spec (#1067) * simply HTTP request examples in api methods docs * add missing client_secret to oauth/token (#1062) * Add any, all, none to hashtag timeline * minor formatting changes * Update signature requirements and advice * fix public key -> private key * clarify use of RSA with SHA256 * Add note about saving your profile after adding rel-me link * v2 filters api * comment out params that shouldn't be used in v2 filter api * admin trends * remove old todo * canonical email blocks + scheduled statuses * remove under-construction warnings from finished pages * verify api method params with source code * fix typo (#1088) * fix broken caption-links (#1100) * fix formatting of entities (#1094) * Remove keybase section from user guide (#1093) * fix typos (#1092) * Verify limits are accurate (#1086) * add mention of iframe limitation (#1084) * Add CORS header to WEB_DOMAIN example (#1083) * Fix typo (#1081) * pin http sigs spec at draft 8 * Revert "pin http sigs spec at draft 8" This reverts commit 9fd5f70. * add case sensitivity warning to 4.0 roles * Add url length note to bio (#1087) * remove follow scope from examples (#1103) * clarify usage of update_credentials to update profile fields * add noindex to Account entitity * remove required hint from technically not required property
Replace broken link to HTTP Signatures in security.md. The previous link instructed to redirect to an outdated audit. The new link leads to the current IETF draft for HTTP Signatures.