add note about payload hash

2024-09-19 14:35:48 -04:00 · 2023-04-24 10:56:04 +01:00 · 2023-04-24 10:56:04 +01:00 · 2d31ddd38a
commit 2d31ddd38a
parent 29f26e72b5
1 changed files with 7 additions and 3 deletions
--- a/98.md
+++ b/98.md
@ -18,8 +18,8 @@ The `content` SHOULD be empty.

 The following tags are defined as REQUIRED.

-* `url` - absolute URL
-* `method` - HTTP Request Method 
+* `u` - absolute URL
+* `method` - HTTP Request Method

 Example event:
 ```json
@ -31,7 +31,7 @@ Example event:
    "created_at": 1682327852,
    "tags": [
        [
-            "url",
+            "u",
            "https://api.snort.social/api/v1/n5sp/list"
        ],
        [
@ -49,6 +49,10 @@ Servers MUST perform the following checks in order to validate the event:
 3. The `url` tag MUST be exactly the same as the absolute request URL (including query parameters).
 4. The `method` tag MUST be the same HTTP method used for the requested resource.

+When the request contains a body (as in POST/PUT/PATCH methods) clients SHOULD include a SHA256 hash of the request body in a `payload` tag as hex (`["payload", "<sha256-hex>"]`), servers MAY check this to validate that the requested payload is authorized.
+
+If one of the checks was to fail the server SHOULD respond with a 401 Unauthorized response code.
+
 All other checks which server MAY do are OPTIONAL, and implementation specific.

 ## Request Flow