You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Per indieweb/indieauth#36, IndieAuth profiles (and probably other profiles) need a better way to handle URL redirections than simply accepting the final URL. Currently we just chase all redirections and use the final response URL as the canonical URL, but instead we should keep track of redirections and use the last URL that came before the first temporary redirect.
This is the edge-casiest of edge cases and only really applies to IndieAuth/IndieLogin (which are the only handlers which even retrieve the profile page) but it would still be helpful to do the redirection chase. See below for an example of what (again, very rare) edge case would fail.
For that matter, if the canonical profile URL is different, the URL-based detection logic could be rerun so that e.g. https://beesbuzz.biz/twitter will be treated as https://twitter.com/fluffy and not dropped as an unhandled auth type.
IndieAuth test cases
Provided profile URL
Redirection chain
me URL
Pass/fail
http://alice.example.com
permanent -> https://alice.example.com
https://alice.example.com
pass
http://alice.example.com
temporary -> https://alice.example.com
https://alice.example.com
fail? (different scheme)
http://alice.example.com
temporary -> https://alice.example.com
http://alice.example.com
pass
https://alice.example.com
permanent -> https://example.com/~alice
https://alice.example.com
fail (different domain)
https://alice.example.com
temporary -> https://example.com/~alice
https://alice.example.com
pass
https://alice.example.com
permanent -> https://example.com/~alice
https://example.com/~alice/
pass
The text was updated successfully, but these errors were encountered:
Also, per the final-me-verification change (see #84), that needs to actually verify based on the redirection-target URL, not the initial me URL.
Ideally there should be a sibling to utils.request_url which returns a pair of (request,permanent_url) and indieauth.find_endpoint similarly returns a pair of (endpoint_url,profile_url).
Per indieweb/indieauth#36, IndieAuth profiles (and probably other profiles) need a better way to handle URL redirections than simply accepting the final URL. Currently we just chase all redirections and use the final response URL as the canonical URL, but instead we should keep track of redirections and use the last URL that came before the first temporary redirect.
This is the edge-casiest of edge cases and only really applies to IndieAuth/IndieLogin (which are the only handlers which even retrieve the profile page) but it would still be helpful to do the redirection chase. See below for an example of what (again, very rare) edge case would fail.
For that matter, if the canonical profile URL is different, the URL-based detection logic could be rerun so that e.g.
https://beesbuzz.biz/twitter
will be treated ashttps://twitter.com/fluffy
and not dropped as an unhandled auth type.IndieAuth test cases
me
URLhttp://alice.example.com
https://alice.example.com
https://alice.example.com
http://alice.example.com
https://alice.example.com
https://alice.example.com
http://alice.example.com
https://alice.example.com
http://alice.example.com
https://alice.example.com
https://example.com/~alice
https://alice.example.com
https://alice.example.com
https://example.com/~alice
https://alice.example.com
https://alice.example.com
https://example.com/~alice
https://example.com/~alice/
The text was updated successfully, but these errors were encountered: