Avatar
sommerfeld 3y ago

This is how I get NIP-05 verified with nginx:

```nginx

location /.well-known/nostr.json {

return 200 '{"names": {"sommerfeld": "d0debf9fb12def81f43d7c69429bb784812ac1e4d2d53a202db6aac7ea4b466c"}}';

default_type application/json;

add_header Access-Control-Allow-Origin *;

}

```

Reply to this note

Please Login to reply.

Discussion

Avatar
DevilishLemonBar 🦥⚡🏳️‍🌈 3y ago

this is precisely what I'm doing :)

by the way; your note breaks the astral.ninja reply button lol

Avatar
DevilishLemonBar 🦥⚡🏳️‍🌈 3y ago

cc: #[3]

had to use damus web to reply to him; for some reason #[1] breaks the reply/quote/repost/embed buttons

Avatar
sommerfeld 3y ago

It breaks for me as well 🤣

damus web is back online? 👀

Avatar
DevilishLemonBar 🦥⚡🏳️‍🌈 3y ago

nah just a local build cloned from Thomas' repo. Not production.

Avatar
sommerfeld 3y ago

Can't you still be XSS'ed even from a local webapp if the malicious scripts phone home your private key?

Avatar
DevilishLemonBar 🦥⚡🏳️‍🌈 3y ago

yes. which is why I'm authenticating with alby and disabled the 'dont show again option'.

I need to authorize every single action.

not perfect, but good enough for testing

Avatar
sommerfeld 3y ago

I don't remember damus web supporting alby signing, nice to know.

Avatar
DevilishLemonBar 🦥⚡🏳️‍🌈 3y ago

it does, seamless just like astral. :D

Avatar
monlovesmango 3y ago

oops thanks for the ping adding to the bug list