I am trying to implement a web server to serve static content as a canister in Rust. Now, typically all query/mutate calls are submitted as signed transactions. However in this particular case I would type the requisite URL in the browser, hit one of the boundary nodes, which will request the asset to be loaded from my canister. Do we bypass all verification of signatures in this process since a browser request can’t be signed? Thanks in advance.
1 Like
Here is the spec how it works exactly.
You’re right, the client request is basically unsigned. The boundary nodes convert the HTTP requests into query calls signed by the anonymous identity, which everyone can do on their own too (To do it yourself: dfx identity use anonymous).
The response is still properly checked for certification and replica signature.
1 Like