mirror of
https://github.com/nostr-protocol/nips.git
synced 2024-12-22 08:25:53 -05:00
add note about payload hash
This commit is contained in:
parent
29f26e72b5
commit
2d31ddd38a
10
98.md
10
98.md
|
@ -18,8 +18,8 @@ The `content` SHOULD be empty.
|
|||
|
||||
The following tags are defined as REQUIRED.
|
||||
|
||||
* `url` - absolute URL
|
||||
* `method` - HTTP Request Method
|
||||
* `u` - absolute URL
|
||||
* `method` - HTTP Request Method
|
||||
|
||||
Example event:
|
||||
```json
|
||||
|
@ -31,7 +31,7 @@ Example event:
|
|||
"created_at": 1682327852,
|
||||
"tags": [
|
||||
[
|
||||
"url",
|
||||
"u",
|
||||
"https://api.snort.social/api/v1/n5sp/list"
|
||||
],
|
||||
[
|
||||
|
@ -49,6 +49,10 @@ Servers MUST perform the following checks in order to validate the event:
|
|||
3. The `url` tag MUST be exactly the same as the absolute request URL (including query parameters).
|
||||
4. The `method` tag MUST be the same HTTP method used for the requested resource.
|
||||
|
||||
When the request contains a body (as in POST/PUT/PATCH methods) clients SHOULD include a SHA256 hash of the request body in a `payload` tag as hex (`["payload", "<sha256-hex>"]`), servers MAY check this to validate that the requested payload is authorized.
|
||||
|
||||
If one of the checks was to fail the server SHOULD respond with a 401 Unauthorized response code.
|
||||
|
||||
All other checks which server MAY do are OPTIONAL, and implementation specific.
|
||||
|
||||
## Request Flow
|
||||
|
|
Loading…
Reference in New Issue
Block a user