Skip to content
This repository has been archived by the owner on Nov 19, 2024. It is now read-only.

Commit

Permalink
feat: allow anonymous requests with invalid ingress_expiry
Browse files Browse the repository at this point in the history
  • Loading branch information
mraszyk committed Sep 28, 2024
1 parent ac416ec commit 441d390
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions spec/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -959,7 +959,7 @@ All requests coming in via the HTTPS interface need to be either *anonymous* or

- `nonce` (`blob`, optional): Arbitrary user-provided data of length at most 32 bytes, typically randomly generated. This can be used to create distinct requests with otherwise identical fields.

- `ingress_expiry` (`nat`, required): An upper limit on the validity of the request, expressed in nanoseconds since 1970-01-01 (like [ic0.time()](#system-api-time)). This avoids replay attacks: The IC will not accept requests, or transition requests from status `received` to status `processing`, if their expiry date is in the past. The IC may refuse to accept requests with an ingress expiry date too far in the future. This applies not only to update calls, but all requests alike (and could have been called `request_expiry`).
- `ingress_expiry` (`nat`, required): An upper limit on the validity of the request, expressed in nanoseconds since 1970-01-01 (like [ic0.time()](#system-api-time)). This avoids replay attacks: The IC will not accept requests, or transition requests from status `received` to status `processing`, if their expiry date is in the past. The IC may refuse to accept requests with an ingress expiry date too far in the future. This applies not only to update calls, but all requests alike except for anonymous `read_state` requests (and could have been called `request_expiry`).

- `sender` (`Principal`, required): The user who issued the request.

Expand Down Expand Up @@ -6344,7 +6344,7 @@ Conditions
E.content = ReadState RS
TS = verify_envelope(E, RS.sender, S.system_time)
|E.content.nonce| <= 32
S.system_time <= RS.ingress_expiry
S.system_time <= RS.ingress_expiry or RS.sender = anonymous_id
∀ path ∈ RS.paths. may_read_path_for_canister(S, R.sender, path)
∀ (["request_status", Rid] · _) ∈ RS.paths. ∀ R ∈ dom(S.requests). hash_of_map(R) = Rid => R.canister_id ∈ TS

Expand Down

0 comments on commit 441d390

Please sign in to comment.