httpsignatures-go icon indicating copy to clipboard operation
httpsignatures-go copied to clipboard
verified publisher icon 99designs

Date is not a mandatory header

Open tbarbugli opened this issue 8 years ago • 1 comments

According to IETF specs Date is suggested but not mandatory:

2.3. Signature String Construction

In order to generate the string that is signed with a key, the client MUST use the values of each HTTP header field in the headers Signature parameter, in the order they appear in the headers Signature parameter. It is out of scope for this document to dictate what header fields an application will want to enforce, but implementers SHOULD at minimum include the request target and Date header fields.

https://tools.ietf.org/html/draft-cavage-http-signatures

tbarbugli avatar Apr 14 '17 13:04 tbarbugli

There is a failing test on this build, see https://travis-ci.org/99designs/httpsignatures-go/jobs/222067374

Sadly our org policy breaks the travis hooks that updating the build status in PR.

vektah avatar Apr 18 '17 01:04 vektah