sneak filter.limit in nip-01.

author: fiatjaf <fiatjaf@gmail.com> 2022-05-08 21:31:29 -0300
committer: fiatjaf <fiatjaf@gmail.com> 2022-05-08 21:34:27 -0300
commit: a4aea5337fe6b93e55f9dae1974ead962c1997e8 (patch)
tree: 8935b1fef0dfc66a4ddfa33b8a7ff9a02c5bec8e /05.md
parent: 57b86d2482509bad04067e646b130c41f9433923 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/05.md b/05.md
index 3267960..1741aae 100644
--- a/05.md
+++ b/05.md
@@ -51,15 +51,15 @@ Clients may treat the identifier `_@domain` as the "root" identifier, and choose
 By adding the `<local-part>` as a query string instead of as part of the path the protocol can support both dynamic servers that can generate JSON on-demand and static servers with a JSON file in it that may contain multiple names.
-### Allowing access from Javascript apps
+### Allowing access from JavaScript apps
-Javascript Nostr apps may be restricted by browser [CORS][] policies that prevent them from accesing `nostr.json` on the user's domain.  When CORS prevents JS from loading a resource, the JS program sees it as a network failure identical to the resource not existing, so it is not possible for a pure-JS app to tell the user for certain that the failure was caused by a CORS issue.  JS Nostr apps that see network failures requesting `nostr.json` files may want to recommend to users that they check the CORS policy of their servers, e.g.:
+JavaScript Nostr apps may be restricted by browser [CORS][] policies that prevent them from accesing `/.well-known/nostr.json` on the user's domain. When CORS prevents JS from loading a resource, the JS program sees it as a network failure identical to the resource not existing, so it is not possible for a pure-JS app to tell the user for certain that the failure was caused by a CORS issue. JS Nostr apps that see network failures requesting `/.well-known/nostr.json` files may want to recommend to users that they check the CORS policy of their servers, e.g.:
 ```bash
 $ curl -sI https://example.com/.well-known/nostr.json?name=bob | grep ^Access-Control
 Access-Control-Allow-Origin: *
 ```
-Users should ensure that their `nostr.json` is served with the HTTP header `Access-Control-Allow-Origin: *` to ensure it can be validated by pure JS apps running in modern browsers.
+Users should ensure that their `/.well-known/nostr.json` is served with the HTTP header `Access-Control-Allow-Origin: *` to ensure it can be validated by pure JS apps running in modern browsers.
 [CORS]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
author	fiatjaf <fiatjaf@gmail.com>	2022-05-08 21:31:29 -0300
committer	fiatjaf <fiatjaf@gmail.com>	2022-05-08 21:34:27 -0300
commit	a4aea5337fe6b93e55f9dae1974ead962c1997e8 (patch)
tree	8935b1fef0dfc66a4ddfa33b8a7ff9a02c5bec8e /05.md
parent	57b86d2482509bad04067e646b130c41f9433923 (diff)

diff --git a/05.md b/05.md index 3267960..1741aae 100644 --- a/05.md +++ b/05.md
@@ -51,15 +51,15 @@ Clients may treat the identifier `_@domain` as the "root" identifier, and choose
51		51
52	By adding the `<local-part>` as a query string instead of as part of the path the protocol can support both dynamic servers that can generate JSON on-demand and static servers with a JSON file in it that may contain multiple names.	52	By adding the `<local-part>` as a query string instead of as part of the path the protocol can support both dynamic servers that can generate JSON on-demand and static servers with a JSON file in it that may contain multiple names.
53		53
54	### Allowing access from Javascript apps	54	### Allowing access from JavaScript apps
55		55
56	Javascript Nostr apps may be restricted by browser [CORS][] policies that prevent them from accesing `nostr.json` on the user's domain. When CORS prevents JS from loading a resource, the JS program sees it as a network failure identical to the resource not existing, so it is not possible for a pure-JS app to tell the user for certain that the failure was caused by a CORS issue. JS Nostr apps that see network failures requesting `nostr.json` files may want to recommend to users that they check the CORS policy of their servers, e.g.:	56	JavaScript Nostr apps may be restricted by browser [CORS][] policies that prevent them from accesing `/.well-known/nostr.json` on the user's domain. When CORS prevents JS from loading a resource, the JS program sees it as a network failure identical to the resource not existing, so it is not possible for a pure-JS app to tell the user for certain that the failure was caused by a CORS issue. JS Nostr apps that see network failures requesting `/.well-known/nostr.json` files may want to recommend to users that they check the CORS policy of their servers, e.g.:
57		57
58	```bash	58	```bash
59	$ curl -sI https://example.com/.well-known/nostr.json?name=bob \| grep ^Access-Control	59	$ curl -sI https://example.com/.well-known/nostr.json?name=bob \| grep ^Access-Control
60	Access-Control-Allow-Origin: *	60	Access-Control-Allow-Origin: *
61	```	61	```
62		62
63	Users should ensure that their `nostr.json` is served with the HTTP header `Access-Control-Allow-Origin: *` to ensure it can be validated by pure JS apps running in modern browsers.	63	Users should ensure that their `/.well-known/nostr.json` is served with the HTTP header `Access-Control-Allow-Origin: *` to ensure it can be validated by pure JS apps running in modern browsers.
64		64
65	[CORS]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS	65	[CORS]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS