TritonDataCenter / node-http-signature

Reference implementation of Joyent's HTTP Signature Scheme
https://tritondatacenter.com
MIT License

uses 'request-line' as in draft 01 of the spec; does not use (target-request) as in draft 03 #43

Closed DinoChiesa closed 8 years ago

DinoChiesa commented 9 years ago

Draft 03 of the HTTP Signatures spec (http://tools.ietf.org/html/draft-cavage-http-signatures-03) says to use something like this to include the HTTP method and path in the signature base:

(request-target): POST /foo + "\n"
date: Tue, 07 Jun 2011 20:51:35 GMT + "\n"
content-type: application/json + "\n"
content-md5: h0auK8hnYJKmHTLhKtMTkQ==

Whereas this implementation seems to still comply with draft 01 (http://tools.ietf.org/html/draft-cavage-http-signatures-01), which says to specify a 'request-line' header and use this as the sig base:

POST /foo HTTP/1.1 + "\n"
date: Tue, 07 Jun 2011 20:51:35 GMT + "\n"
content-type: application/json + "\n"
content-md5: h0auK8hnYJKmHTLhKtMTkQ==

This implementation should stay current with the latest spec.

arekinath commented 8 years ago

This has been fixed as of 641108c1ae992b43d683dd71db2ad41a56e1d8c0
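
The two signing-string formats compared in this issue, as an added example (not code from node-http-signature or from the thread): it builds both strings from one request and shows that a signature made over the draft 03 string fails on a verifier that only knows draft 01. The function names, the `draft` parameter, the HMAC-SHA256 choice and the key are assumptions made for the illustration.

```javascript
'use strict';
const crypto = require('crypto');

// Constructed key and sample request (request values taken from the issue text).
const DEMO_KEY = 'constructed-demo-key';
const sampleRequest = {
  method: 'POST', path: '/foo', httpVersion: '1.1',
  headers: {
    'date': 'Tue, 07 Jun 2011 20:51:35 GMT',
    'content-type': 'application/json',
    'content-md5': 'h0auK8hnYJKmHTLhKtMTkQ=='
  }
};

// draft '01': 'request-line' contributes the bare HTTP request line.
// draft '03': '(request-target)' contributes a "name: value" line like a header.
// Method casing follows the issue text; later revisions of the draft lowercase it.
function buildSigningString(req, names, draft) {
  return names.map((name) => {
    const n = name.toLowerCase();
    if (n === 'request-line' && draft === '01') {
      return `${req.method} ${req.path} HTTP/${req.httpVersion}`;
    }
    if (n === '(request-target)' && draft === '03') {
      return `${n}: ${req.method} ${req.path}`;
    }
    const value = req.headers[n];
    if (value === undefined) throw new Error(`cannot sign missing header: ${n}`);
    return `${n}: ${value}`;
  }).join('\n');
}

function hmacSign(key, signingString) {
  return crypto.createHmac('sha256', key).update(signingString).digest('base64');
}

// Verifier: rebuild the string from the received request, compare in constant time.
function hmacVerify(key, req, names, draft, signatureB64) {
  let expected;
  try {
    expected = Buffer.from(hmacSign(key, buildSigningString(req, names, draft)), 'base64');
  } catch (e) {
    return false; // unknown pseudo-header or missing header: fail closed
  }
  const got = Buffer.from(signatureB64, 'base64');
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}
```

The verifier rejects a header name it cannot resolve rather than skipping it, so the method and path are never silently left out of the signed data.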