Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ambiguity in handling redirections #36

Open
fluffy-critter opened this issue Oct 30, 2019 · 0 comments

Comments

@fluffy-critter
Copy link

@fluffy-critter fluffy-critter commented Oct 30, 2019

According to https://indieauth.spec.indieweb.org/#discovery-by-clients:

If an HTTP permament redirect (HTTP 301 or 308) is encountered, the client MUST use the resulting URL as the canonical profile URL. If an HTTP temporary redirect (HTTP 302 or 307) is encountered, the client MUST use the previous URL as the profile URL, but use the redirected-to page for discovery

This does not answer the question of what happens if a profile URL has a temporary redirect to another URL, which then has a permanent redirect to yet another URL.

For example, if the user profile URL is at https://username.example and there is a temporary redirect to https://example.com, the second MUST indicates that the profile URL should be unchanged. However, if https://example.com then has a permanent redirect to https://example.com/username, the first MUST implies that the profile URL should be updated to https://example.com/username even though the first redirection was temporary.

Perhaps rephrasing the paragraph like this would help:

Clients MUST start by making a GET or HEAD request to [Fetch] the user's profile URL to discover the necessary values. Clients MUST follow HTTP redirects (up to a self-imposed limit). If an HTTP temporary redirect (HTTP 302 or 307) is encountered, the client MUST use the previous URL as the profile URL, but use the redirected-to page for discovery. If an HTTP permament redirect (HTTP 301 or 308) is encountered, the client MUST use the resulting URL as the canonical profile URL if there had not previously been a temporary redirect.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
1 participant
You can’t perform that action at this time.