Replying to Avatar 0xbitcoiner

Olá nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr,

From what I was able to find out, noStrudel blocks zaps where the nostrpubkey of the lightning address is not the same as the nostr profile.

For example, I can't zap nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s. But it should be able to because the lightning address is in the verification service name list (.well-known).

I think you're only checking the first one on the list, which in this case is jb55.

In the case of Will, the nostrpubkey of the lightning address is 9630f464cca6a5147aa8a35f0bcdd3ce485324e732fd39e09233b1d848238f31 -> clightning

From https://jb55.com/.well-known/nostr.json?name=_

{

"names": {

"jb55": "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245",

"notepad": "4570d7a0b49b5524797120810116a2a5c18281423b173a557056f08f15c5382d",

"btc": "21763c71793764a2661eb10ede32a8f2312c9f8db08bc539c888bafa38dcf368",

"clightning": "9630f464cca6a5147aa8a35f0bcdd3ce485324e732fd39e09233b1d848238f31",

"minebot": "6cad545430904b84a8101c5783b65043f19ae29d2da1076b8fc3e64892736f03",

"gpt3": "5c10ed0678805156d39ef1ef6d46110fe1e7e590ae04986ccf48ba1299cb53e2",

"_": "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"

},

"relays": {

"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245": ["wss://relay.damus.io"],

"4570d7a0b49b5524797120810116a2a5c18281423b173a557056f08f15c5382d": ["wss://relay.damus.io"],

"9630f464cca6a5147aa8a35f0bcdd3ce485324e732fd39e09233b1d848238f31": ["wss://relay.damus.io"],

"6cad545430904b84a8101c5783b65043f19ae29d2da1076b8fc3e64892736f03": ["wss://relay.damus.io"],

"5c10ed0678805156d39ef1ef6d46110fe1e7e590ae04986ccf48ba1299cb53e2": ["wss://relay.damus.io"]

}

}

Avatar
hzrd149 2y ago

Thanks for looking into this I noticed a few days ago I couldn't zap him from noStrudel and I added to my bug list.

Although it looks like the nostrpubkey of the lnurlp endpoint was not the issue. He has a 302 redirect setup for his lightning address https://jb55.com/.well-known/lnurlp/jb55 to https://sendsats.lol/.well-known/lnurlp/jb55

The redirect works fine in a browser but it looks like its not returning a CORS header, so when noStrudel tries to fetch the endpoint it gets blocked by CORS

It should be fixed now though. I just made it use a cors proxy as a fallback if the LNURL dose not have the CORS header.

ending though: CORS will be the death of web apps

Reply to this note

Please Login to reply.

Discussion

Avatar
0xbitcoiner 2y ago

I can zap the profile but the notes cannot