Replying to Avatar Vitor Pamplona

We just use what @nostr.build replies. if it replies with http, it goes in http.
Avatar
Pablo Xannybar 2y ago

Thanks for confirming that mate 👌

That's why I tagged you both, so this is a nostr:npub1nxy4qpqnld6kmpphjykvx2lqwvxmuxluddwjamm4nc29ds3elyzsm5avr7 bug.

Tbh the Nostr Build TLS setup could do with a lot of improvement and it wouldn't take long.

1. Enable HSTS and enroll in HSTS preloading - that would mitigate security issues from bugs like this but HSTS is disabled for your server/CDN

2. Update TLS config to support up to 1.3, remove support for 1.0 and 1.1

There's other little things too but those two are a big boost alone and would take five minutes if that.

Reply to this note

Please Login to reply.

Discussion

Avatar
nostr.build 2y ago

Just noticed the same with Damus.. we’ll fix the api today.

Avatar
Pablo Xannybar 2y ago

🫡