Clarify that the X-Matrix validation uses the parsed request body (#3727)

2 years ago · 8a0a799a4b
parent 9e4b170643
commit 8a0a799a4b
2 changed files with 3 additions and 1 deletions
--- a/changelogs/server_server/newsfragments/3727.clarification
+++ b/changelogs/server_server/newsfragments/3727.clarification
@ -0,0 +1 @@
+Clarify that the `content` for `X-Matrix` signature validation is the parsed JSON body.
--- a/content/server-server-api.md
+++ b/content/server-server-api.md
@ -237,7 +237,7 @@ Step 1 sign JSON:
    "uri": "/target",
    "origin": "origin.hs.example.com",
    "destination": "destination.hs.example.com",
-    "content": <request body>,
+    "content": <JSON-parsed request body>,
    "signatures": {
        "origin.hs.example.com": {
            "ed25519:key1": "ABCDEF..."
@ -274,6 +274,7 @@ def authorization_headers(origin_name, origin_signing_key,
    }

    if content is not None:
+        # Assuming content is already parsed as JSON
        request_json["content"] = content

    signed_json = sign_json(request_json, origin_name, origin_signing_key)
				`@ -0,0 +1 @@`
				Clarify that the `content` for `X-Matrix` signature validation is the parsed JSON body.