diff options
| author | majestrate <jeff@lokinet.io> | 2022-12-29 09:01:35 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-29 11:01:35 -0300 |
| commit | d41834fa5169d15ffd1519a773ee495c6076ecd3 (patch) | |
| tree | 0a746f42696af8aaa70a6917930467c237f18042 | |
| parent | 570bc59e7dc1bf35ff8298b1c3d56ae2423f7613 (diff) | |
update NIP-05 addressing reflectivity. (#128)
| -rw-r--r-- | 05.md | 7 |
1 files changed, 7 insertions, 0 deletions
| @@ -71,3 +71,10 @@ Access-Control-Allow-Origin: * | |||
| 71 | Users should ensure that their `/.well-known/nostr.json` is served with the HTTP header `Access-Control-Allow-Origin: *` to ensure it can be validated by pure JS apps running in modern browsers. | 71 | Users should ensure that their `/.well-known/nostr.json` is served with the HTTP header `Access-Control-Allow-Origin: *` to ensure it can be validated by pure JS apps running in modern browsers. |
| 72 | 72 | ||
| 73 | [CORS]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS | 73 | [CORS]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS |
| 74 | |||
| 75 | ### Security Constraints | ||
| 76 | |||
| 77 | The `/.well-known/nostr.json` endpoint MUST NOT return any HTTP redirects. | ||
| 78 | |||
| 79 | Fetchers MUST ignore any HTTP redirects given by the `/.well-known/nostr.json` endpoint. | ||
| 80 | |||