-
Notifications
You must be signed in to change notification settings - Fork 308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SEP 6,12,24,31: deprecate X-Stellar-Signature
in favor of Signature
#1333
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would their be value in making this a non-breaking change, by saying that applications should publish both headers until the next breaking change that removes the older X-Stellar-Signature? If no, 👍🏻.
I think it's safer to do so for a smooth transition. Otherwise, the application (wallet backend) would have to check for both |
I made a similar comment about backward compatibility here. Otherwise looks good to me. |
Ok, we'll go with the following approach:
|
049a17e
X-Stellar-Signature
with Signature
X-Stellar-Signature
in favor of Signature
I was thinking of a less restrictive/complicated approach:
That allows Anchors to not have to update an existing code for now. |
I think the approach we took allows outdated wallets & anchors still using If we specified that anchors could send |
I think I am missing something here. Today we only use |
This doesn't work for a new anchor (using |
To work with multiple anchors, before all of them adopt the new |
Thats right, is that acceptable? MoneyGram is unlikely to send both, so Vibrant will likely need to check for both anyway. I agree with @C0x41lch0x41 that allowing anchors to send one header is the simpler approach. |
Yes, I can have Vibrant check for both until all the supported anchors migrate to the new header. |
resolves #1328
Updates the name of the signature header for callback requests from
X-Stellar-Signature
toSignature
.While this is technically a breaking change, the addition of the callback signature mechanism is new enough to not be concerned making existing implementations noncompliant.