From a4aea5337fe6b93e55f9dae1974ead962c1997e8 Mon Sep 17 00:00:00 2001 From: fiatjaf Date: Sun, 8 May 2022 21:31:29 -0300 Subject: sneak filter.limit in nip-01. --- 05.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to '05.md') diff --git a/05.md b/05.md index 3267960..1741aae 100644 --- a/05.md +++ b/05.md @@ -51,15 +51,15 @@ Clients may treat the identifier `_@domain` as the "root" identifier, and choose By adding the `` as a query string instead of as part of the path the protocol can support both dynamic servers that can generate JSON on-demand and static servers with a JSON file in it that may contain multiple names. -### Allowing access from Javascript apps +### Allowing access from JavaScript apps -Javascript Nostr apps may be restricted by browser [CORS][] policies that prevent them from accesing `nostr.json` on the user's domain. When CORS prevents JS from loading a resource, the JS program sees it as a network failure identical to the resource not existing, so it is not possible for a pure-JS app to tell the user for certain that the failure was caused by a CORS issue. JS Nostr apps that see network failures requesting `nostr.json` files may want to recommend to users that they check the CORS policy of their servers, e.g.: +JavaScript Nostr apps may be restricted by browser [CORS][] policies that prevent them from accesing `/.well-known/nostr.json` on the user's domain. When CORS prevents JS from loading a resource, the JS program sees it as a network failure identical to the resource not existing, so it is not possible for a pure-JS app to tell the user for certain that the failure was caused by a CORS issue. JS Nostr apps that see network failures requesting `/.well-known/nostr.json` files may want to recommend to users that they check the CORS policy of their servers, e.g.: ```bash $ curl -sI https://example.com/.well-known/nostr.json?name=bob | grep ^Access-Control Access-Control-Allow-Origin: * ``` -Users should ensure that their `nostr.json` is served with the HTTP header `Access-Control-Allow-Origin: *` to ensure it can be validated by pure JS apps running in modern browsers. +Users should ensure that their `/.well-known/nostr.json` is served with the HTTP header `Access-Control-Allow-Origin: *` to ensure it can be validated by pure JS apps running in modern browsers. [CORS]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS -- cgit v1.2.3