add note about payload hash

This commit is contained in:
Kieran 2023-04-24 10:56:04 +01:00
parent 29f26e72b5
commit 2d31ddd38a
No known key found for this signature in database
GPG Key ID: DE71CEB3925BE941

8
98.md
View File

@ -18,7 +18,7 @@ The `content` SHOULD be empty.
The following tags are defined as REQUIRED. The following tags are defined as REQUIRED.
* `url` - absolute URL * `u` - absolute URL
* `method` - HTTP Request Method * `method` - HTTP Request Method
Example event: Example event:
@ -31,7 +31,7 @@ Example event:
"created_at": 1682327852, "created_at": 1682327852,
"tags": [ "tags": [
[ [
"url", "u",
"https://api.snort.social/api/v1/n5sp/list" "https://api.snort.social/api/v1/n5sp/list"
], ],
[ [
@ -49,6 +49,10 @@ Servers MUST perform the following checks in order to validate the event:
3. The `url` tag MUST be exactly the same as the absolute request URL (including query parameters). 3. The `url` tag MUST be exactly the same as the absolute request URL (including query parameters).
4. The `method` tag MUST be the same HTTP method used for the requested resource. 4. The `method` tag MUST be the same HTTP method used for the requested resource.
When the request contains a body (as in POST/PUT/PATCH methods) clients SHOULD include a SHA256 hash of the request body in a `payload` tag as hex (`["payload", "<sha256-hex>"]`), servers MAY check this to validate that the requested payload is authorized.
If one of the checks was to fail the server SHOULD respond with a 401 Unauthorized response code.
All other checks which server MAY do are OPTIONAL, and implementation specific. All other checks which server MAY do are OPTIONAL, and implementation specific.
## Request Flow ## Request Flow