steve, 3 months ago @stefan I’d guess they are using the domain of the the HTTP Signature key ID or signing entity (and requiring authorized fetch). Given the server knows the requesting domain, it’s easy to generate server-specific content.
@stefan I’d guess they are using the domain of the the HTTP Signature key ID or signing entity (and requiring authorized fetch). Given the server knows the requesting domain, it’s easy to generate server-specific content.