From 131020faeb4c65e9a787ac61debc4c2142b103b4 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Thu, 6 Jun 2024 13:50:56 +0200
Subject: [PATCH] drop date (#2969)

---
 docs/federation/federating_with_gotosocial.md | 4 ++--
 internal/transport/signing.go                 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/federation/federating_with_gotosocial.md b/docs/federation/federating_with_gotosocial.md
index 947a03f9b..0fd4580ce 100644
--- a/docs/federation/federating_with_gotosocial.md
+++ b/docs/federation/federating_with_gotosocial.md
@@ -44,8 +44,8 @@ GoToSocial request signing is implemented in [internal/transport](https://github
 
 When assembling signatures:
 
-- outgoing `GET` requests use `(request-target) host date`
-- outgoing `POST` requests use `(request-target) host date digest` 
+- outgoing `GET` requests use `(request-target) (created) host`
+- outgoing `POST` requests use `(request-target) (created) host digest` 
 
 GoToSocial sets the "algorithm" field in signatures to the value `hs2019`, which essentially means "derive the algorithm from metadata associated with the keyId". The *actual* algorithm used for generating signatures is `RSA_SHA256`, which is in line with other ActivityPub implementations. When validating a GoToSocial HTTP signature, remote servers can safely assume that the signature is generated using `sha256`.
 
diff --git a/internal/transport/signing.go b/internal/transport/signing.go
index e33e4a05f..fa15eee5e 100644
--- a/internal/transport/signing.go
+++ b/internal/transport/signing.go
@@ -25,8 +25,8 @@ var (
 	// http signer preferences
 	prefs       = []httpsig.Algorithm{httpsig.RSA_SHA256}
 	digestAlgo  = httpsig.DigestSha256
-	getHeaders  = []string{httpsig.RequestTarget, "host", "date"}
-	postHeaders = []string{httpsig.RequestTarget, "host", "date", "digest"}
+	getHeaders  = []string{httpsig.RequestTarget, "(created)", "host"}
+	postHeaders = []string{httpsig.RequestTarget, "(created)", "host", "digest"}
 )
 
 // NewGETSigner returns a new httpsig.Signer instance initialized with GTS GET preferences.