From d41834fa5169d15ffd1519a773ee495c6076ecd3 Mon Sep 17 00:00:00 2001
From: majestrate <jeff@lokinet.io>
Date: Thu, 29 Dec 2022 09:01:35 -0500
Subject: [PATCH] update NIP-05 addressing reflectivity. (#128)

---
 05.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/05.md b/05.md
index 6c5fe6f..0de810b 100644
--- a/05.md
+++ b/05.md
@@ -71,3 +71,10 @@ Access-Control-Allow-Origin: *
 Users should ensure that their `/.well-known/nostr.json` is served with the HTTP header `Access-Control-Allow-Origin: *` to ensure it can be validated by pure JS apps running in modern browsers.
 
 [CORS]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
+
+### Security Constraints
+
+The `/.well-known/nostr.json` endpoint MUST NOT return any HTTP redirects. 
+
+Fetchers MUST ignore any HTTP redirects given by the `/.well-known/nostr.json` endpoint.
+