Skip to content

Nostr - Configure NIP-05

The Nostr NIP-05 specification allows you to create an identifier that resembles an email address (e.g., user@example.com).

This identifier can be used to authenticate legitimate accounts and locate a user's public keys. For example, the Gossip desktop client allows you to input the identifier to follow a new user.

To set up this identifier, you will need to create a file in the /.well-known directory named nostr.json.

{
  "names": {
    "bob": "b0635d6a9851d3aed0cd6c495b282167acf761729078d975fc341b22650b07b9"
  }
}

The long string of text is your public key in hex format. Often you will have your public key in npub format so you will need to convert it. One easy to use tool is nostrstuff.com:

convert <npub>

CORS

After adding the nostr.json file, it is important to verify that CORS is enabled on your server.

CORS (Cross-Origin Resource Sharing) is a security feature implemented by web browsers that restricts web pages from making requests to a different domain than the one that served the web page. CORS helps to prevent malicious scripts from making unauthorized requests and accessing sensitive information on behalf of a user.

If the header access-control-allow-origin: * is present in the response, it means that CORS is enabled for the requested resource. This header can be set on a per-file basis.

CORS needs to be configured so that Nostr clients which check the NIP-05 identifier directly from the browser, such as Snort, will work.

To configure CORS when hosting a site with Vercel, you can add a vercel.json file with the following configuration:

{
  "headers": [
    {
      "source": "/.well-known/nostr.json",
      "headers": [{ "key": "Access-Control-Allow-Origin", "value": "*" }]
    }
  ]
}

To check CORS you can use https://cors-test.codehappy.dev/ or in a terminal run:

curl -sI https://example.com/.well-known/nostr.json?name=bob

If CORS is enabled correctly then in the response the following line should exist:

Access-Control-Allow-Origin: *

Redirects

The final url cannot have a redirect, so for example if your domain is redirecting from https://example.com to https://www.example.com you will need to turn that off for the nostr.json file to validate correctly.

With Vercel, you can turn off the domain name redirection under Project Settings > Domains.