David @mleku - 1y
it seems that someone with access to nsa.gov is fucking with us nostr:npub15869nfhd78frevqt6wqmeglkskzgh3sezpmeucdev0z0as0fqjvspq6qwk https://i.nostr.build/XVwEB.png https://i.nostr.build/mlWoj.png and you see their responses to my notes?
The Zap Master ™ @The Zap Master ™ - 1y
Nah 🛑
semisol @semisol - 1y
the nip05 is failing validation
well nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr if i see yellow exclamation mark it means what? i was running my own and it was only getting that result because of missing CORS headers permitting the app to integrate them as their non-XXS output so if i see this shit it just means fail altogether?
also, it was purple check until a bit under a month ago, then suddenly flipped to yellow exclamation mark this had me frantic for a week until i rewrote my reverse proxy to put the right cors headers in, and mine are now pristine, as you can see. so i can't tell what it means and this account is obviously trolling me, wdyt?
I think it means it has failed validation in some way you should not show NIP-05s at all if they fail validation unless it’s the user’s own profile to inform them
those are just troll accounts, yeah
*get out the paddle for nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr *
they started on me this morning, anyway
also, awesome... you know you are making an impact when people are trying to fuck with you
Will you also show signed notes with an invalid signature?
what. just what. 😭
i knew it was the same error as mine, so the implication is that whoever they are has control of nsa.gov domain
the note says "due to CORS error" not due to "could not find .well-known/nostr.json" according to what you just said about how nostrudel shows it, it would be a red exclamation mark if they didn't have the file at the domain
https://www.nsa.gov/.well-known/nostr.json it is a 404
so it should be assumed to be bogus altogether
should add this issue to NIP-05 to point out that this feature does not work if the server hosting the content doesn't send CORS wildcard in a way, it's correct to block JSON content this way, as it is literally javascript code
i've put an issue up on the nips repo because i think that if it's required for web browsers it should say as much in the spec so that people deploying NIP-05 services are alerted to this issue otherwise we are letting down web app users with the whole purpose of the thing being to impersonations and fraudulent user metadata
