vitorpamplona / amethyst

Nostr client for Android
MIT License

[BUG] Nostr Address fails with redirection #1151

Open darioAnongba opened 1 day ago

darioAnongba commented 1 day ago

Hi @vitorpamplona,

After some tests, we found that Amethyst does not support redirections for NIP-05. Our service is deployed at api.numeraire.tech but our addresses are (also) reachable at username@numeraire.tech. We have a permanent (301) redirection in place from api.numeraire.tech to numeraire.tech for the addresses to look nicer.

This works fine in other services but fails on Amethyst. As you can see from the BTCPayServer docs, there is even a tutorial explaining how to implement such a redirect, which is very common: here

We would very much like to fix this bug and will do the necessary on our end if you could point us to the reason for the error. Nevertheless, we consider this to be a bug on your end:

Looking forward to collaborating on this,

PS: WalletOfSatoshi had a similar bug for LN Addresses that we pointed out and they fixed it.

To Reproduce

Easiest way would be:

Expected behaviour

yourusername@numeraire.tech should be a valid NIP-05 address following the redirect

Device (please complete the following information):

vitorpamplona commented 1 day ago

NIP-05 cannot be redirected. It's a security issue: https://github.com/nostr-protocol/nips/blob/master/05.md#security-constraints

Other apps should also not redirect. If you convinced them to do so, please ask them to revert the change.
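The constraint linked above (the `/.well-known/nostr.json` endpoint MUST NOT return HTTP redirects, and fetchers MUST ignore any it does return) expressed as a small resolver. This is an added example written for this page, not Amethyst's Kotlin code. The hostnames `example.org` / `api.example.org`, the pubkey and the canned responses are constructed stand-ins for the two hosts in the report; `fetch` is an assumed callable returning `(status, headers, body)` without following redirects, and `http_fetch` is one such implementation for real use.

```python
"""NIP-05 resolver that enforces the spec's no-redirect rule.

Added example, not the project's code.  `fetch` is any callable that takes a
URL and returns (status_code, headers_dict, body_bytes) WITHOUT following
redirects; an in-memory fetch with constructed responses stands in for HTTP.
"""
import json
import re
import urllib.error
import urllib.request

_LOCAL_PART = re.compile(r"^[a-z0-9._-]+$")   # NIP-05: local part is a-z0-9-_. only
_HEX_PUBKEY = re.compile(r"^[0-9a-f]{64}$")   # names map to 64-char hex pubkeys


class Nip05Error(ValueError):
    """Raised when an address cannot be resolved under the NIP-05 rules."""


def nip05_url(address):
    """Split <name>@<domain> and build the well-known URL to query."""
    local, sep, domain = address.rpartition("@")
    if not sep or not domain:
        raise Nip05Error("address must be <name>@<domain>")
    local = local.lower()  # local part is case-insensitive per the spec
    if not _LOCAL_PART.match(local):
        raise Nip05Error("local part may only contain a-z 0-9 - _ .")
    return local, domain, f"https://{domain}/.well-known/nostr.json?name={local}"


def resolve_nip05(address, fetch):
    """Return the hex pubkey for `address`, or raise Nip05Error.

    Any 3xx is a hard failure: the document must come from the domain in
    the address itself, so a Location header is never followed.
    """
    local, domain, url = nip05_url(address)
    status, headers, body = fetch(url)
    if 300 <= status < 400:
        raise Nip05Error(
            f"{domain} answered {status} with Location="
            f"{headers.get('Location')!r}; NIP-05 forbids following redirects"
        )
    if status != 200:
        raise Nip05Error(f"unexpected HTTP status {status}")
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise Nip05Error(f"invalid JSON: {exc}") from exc
    names = doc.get("names")
    if not isinstance(names, dict) or local not in names:
        raise Nip05Error(f"{local} not present in names of {domain}")
    pubkey = names[local]
    if not isinstance(pubkey, str) or not _HEX_PUBKEY.match(pubkey):
        raise Nip05Error("pubkey must be 64 lowercase hex chars")
    return pubkey


def http_fetch(url, timeout=10):
    """Real fetch that refuses redirects: the 3xx is returned, not followed."""
    class _NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # urllib then raises HTTPError for the 3xx
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read()


# Constructed sample data (not a real key, not real hosts).
FAKE_PUBKEY = "0123456789abcdef" * 4
FAKE_HOSTS = {
    # Apex domain answers with a 301 to the API host: must be rejected.
    "https://example.org/.well-known/nostr.json?name=alice": (
        301, {"Location": "https://api.example.org/.well-known/nostr.json?name=alice"}, b""),
    # API host serves the document directly: accepted.
    "https://api.example.org/.well-known/nostr.json?name=alice": (
        200, {"Content-Type": "application/json"},
        json.dumps({"names": {"alice": FAKE_PUBKEY}}).encode()),
}


def fake_fetch(url):
    """Offline stand-in for http_fetch backed by FAKE_HOSTS."""
    return FAKE_HOSTS.get(url, (404, {}, b""))


def check(address, fetch=fake_fetch):
    """Return (ok, pubkey_or_reason) so callers can branch without exceptions."""
    try:
        return True, resolve_nip05(address, fetch)
    except Nip05Error as exc:
        return False, str(exc)


if __name__ == "__main__":
    for addr in ("alice@example.org", "alice@api.example.org", "Alice@api.example.org"):
        print(addr, "->", check(addr))
```

With these constructed responses `alice@example.org` fails because the apex host redirects, while `alice@api.example.org` resolves; this is the behaviour the report observes in Amethyst, and it is what the spec requires of every client.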

darioAnongba commented 14 hours ago

Hi @vitorpamplona and thanks for pointing out the section in the NIP-05. I wrongly assumed that NIP-05 was similar to Lightning Addresses and given that most implementations (Alby, Blink, WalletOfSatoshi, Phoenix, Breez, etc.) allow redirections, I assumed NIP-05 did as well.

Given that it is part of the specification, I will of course not ask you to change the implementation and will implement a workaround. That being said, I argue that it is not true that allowing redirections causes a security concern for NIP-05 and I started a discussion about it here if you're interested: https://github.com/nostr-protocol/nips/issues/1544.

Hopefully the discussion will either clarify the reasons HTTP redirections were prohibited or allow them, especially when pointing to subdomains.