Commit 3850658

Final round of fixes
1 parent 2922787 commit 3850658

1 file changed

+1
-3
lines changed

src/content/docs/bots/concepts/bot/verified-bots/web-bot-auth.mdx

Lines changed: 1 addition & 3 deletions
@@ -52,7 +52,7 @@ You need to host a key directory which creates a way for your bot to authenticat
5252
This directory should follow the definition from the active IETF draft [draft-meunier-http-message-signatures-directory-01](https://datatracker.ietf.org/doc/html/draft-meunier-http-message-signatures-directory-01).
5353

5454
<Steps>
55-
1. Host a key directory at `/.well-known/http-message-signatures-directory/` (note that this is a requirement). This key directory should serve a JSON Web Key Set (JWKS) including the public key derived from your signing key.
55+
1. Host a key directory at `/.well-known/http-message-signatures-directory` (note that this is a requirement). This key directory should serve a JSON Web Key Set (JWKS) including the public key derived from your signing key.
5656
2. Serve the web page over HTTPS (not HTTP).
5757
3. [Calculate the base64 URL-encoded JWK thumbprint](https://www.rfc-editor.org/rfc/rfc8037.html#appendix-A.3) associated with your Ed25519 public key.
5858
4. Sign your HTTP response using the HTTP message signature specification by attaching one signature per key in your key directory. This ensures no one else can mirror your directory and attempt to register on your behalf. Your response must include the following headers:
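Review bot: In step 1 the parenthetical "(note that this is a requirement)" does not say what is required. Since the only change is dropping the trailing slash, readers cannot tell whether the exact slash-less path is the requirement or whether a directory still served at `/.well-known/http-message-signatures-directory/` is accepted. Suggest stating that explicitly in the step. Step 2 also calls the JWKS endpoint a "web page", which could be reworded to "key directory" for consistency with step 1.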
@@ -62,7 +62,6 @@ This directory should follow the definition from the active IETF draft [draft-me
6262
| Required component parameter | Requirement |
6363
| ---------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
6464
| `tag` | This should be equal to `http-message-signatures-directory`. |
65-
| `alg` | This should be equal to `ed25519`. |
6665
| `keyid` | JWK thumbprint of the corresponding key in your directory. |
6766
| `created` | This should be equal to a `Unix` timestamp associated with when the message was sent by your application. |
6867
| `expires` | This should be equal to a `Unix` timestamp associated with when Cloudflare should no longer attempt to verify the message. |
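Review bot: Removing the `alg` row from a table headed "Required component parameter" tells readers the parameter is no longer required, but not whether a directory response that still carries `alg` set to `ed25519` is accepted, ignored or rejected. Anyone who followed the previous text will be sending it, so add a sentence under the table stating the behaviour. The commit message "Final round of fixes" gives no reason for the removal, so a short rationale in the message or the docs would help.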
@@ -155,7 +154,6 @@ Construct a [`Signature-Input` header](https://www.rfc-editor.org/rfc/rfc9421#na
155154
| Required component parameter | Requirement |
156155
| ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
157156
| `tag` | This should be equal to `web-bot-auth`. |
158-
| `alg` | This should be equal to `ed25519`. |
159157
| `keyid` | This should be equal to the thumbprint computed in step 2. |
160158
| `created` | This should be equal to a `Unix` timestamp associated with when the message was sent by your application. |
161159
| `expires` | This should be equal to a `Unix` timestamp associated with when Cloudflare should no longer attempt to verify the message. A short `expires` reduces the likelihood of replay attacks, and Cloudflare recommends choosing suitable short-lived intervals. |
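Review bot: With the `alg` row removed here, this table no longer names the signature algorithm at all, and the only remaining mention in the visible text is "your Ed25519 public key" in the directory steps. If the intent is that the algorithm follows from the key identified by `keyid`, say so next to the `keyid` row. Also check that any `Signature-Input` example elsewhere in this file does not still show `alg`, since it would now disagree with the table.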
