[BUG] Nostr Address fails with redirection #1151
Comments
|
NIP-05 cannot be redirected. It's a security issue: https://github.com/nostr-protocol/nips/blob/master/05.md#security-constraints Other apps should also not redirect. If you convinced them to do, please ask them to revert the change. |
|
Hi @vitorpamplona and thanks for pointing out the section in the NIP-05. Given that it is part of the specification, I will of course not ask for you to change the implementation and will implement a workaround. Hopefully the discussion will either clarify the reasons HTTP redirections were prohibited or allow them, especially when pointing to subdomains. |
Hi @vitorpamplona,
After some tests, we found that Amethyst does not support redirections for NIP-05. Our service is deployed at
api.numeraire.techbut our addresses are (also) reachable at[email protected]. We have a permanent (301) redirection in place from api.numeraire.tech to numeraire.tech for the addresses to look nicer.This works fine in other services but fails on Amethyst. As you can see from BTCPayServer docs, there is even a tutorial explaining how to implement such a redirect, which is very common: here
We would very much like to fix this bug and will do the necessary on our end if you could point us to the reason of the error. Nevertheless, we consider this to be a bug on your end:
Looking forward to collaborating on this,
PS: WalletOfSatoshi had a similar bug for LN Addresses that we pointed out and they fixed it.
To Reproduce
Easiest way would be:
[email protected]and see it fail[email protected]and see it succeedExpected behaviour
[email protected]should be a valid NIP-05 address following the redirectDevice (please complete the following information):
The text was updated successfully, but these errors were encountered: