Closed DinoChiesa closed 8 years ago
Draft 03 of the http signatures spec (http://tools.ietf.org/html/draft-cavage-http-signatures-03) says to use something like this, to include the http method and path into the signature base:
(request-target): POST /foo + "\n" date: Tue, 07 Jun 2011 20:51:35 GMT + "\n" content-type: application/json + "\n" content-md5: h0auK8hnYJKmHTLhKtMTkQ==
Whereas this implementation seems to still comply with draft 01 (http://tools.ietf.org/html/draft-cavage-http-signatures-01), which says to specify a 'request-line' header and use this as the sig base:
POST /foo HTTP/1.1 + "\n" date: Tue, 07 Jun 2011 20:51:35 GMT + "\n" content-type: application/json + "\n" content-md5: h0auK8hnYJKmHTLhKtMTkQ==
This implementation should stay current with the latest spec.
This has been fixed as of 641108c1ae992b43d683dd71db2ad41a56e1d8c0
Draft 03 of the http signatures spec (http://tools.ietf.org/html/draft-cavage-http-signatures-03) says to use something like this, to include the http method and path into the signature base:
Whereas this implementation seems to still comply with draft 01 (http://tools.ietf.org/html/draft-cavage-http-signatures-01), which says to specify a 'request-line' header and use this as the sig base:
This implementation should stay current with the latest spec.