-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API handling of redirects #499
Comments
In cross-origin contexts we definitely shouldn't, as it would reveal information that would normally be blocked by CORS. For same origin we could, but I don't recommend it. It would encourage people to treat the handshake as a vector for passing information. I would prefer it if they used the WebTransport protocol to exchange info. |
It sounds like we're landing on shouldn't? If so,
...since this spec currently doesn't expose any API for redirects, do we just close this? |
I think the question was whether we should tell the client we got a 3nn status, or whether we should just return an error. |
Short of exposing the url being redirected to, what would an application do with this information? If the use case is merely debugging, UAs can expose this in web console or hint at it in the message if they want, which this spec would not get involved with. |
Meeting:
|
Regarding chair action to ask IETF, we are about to enter a recursive loop as it seems that this question was already addressed via ietf-wg-webtrans/draft-ietf-webtrans-http3#61 (comment). Unless a compelling use-case can be provided for exposing the redirect and given the security concerns, suggestion for workgroup is that we do not notify the client for now. If future use-cases become apparent which require notification, we can extend the spec at that time. |
The redirect is not intentionally in the protocol, it's just a consequence of it being an HTTP request is that a server can always reply with a 3xx. "3xx is a fatal error just like 5xx would be" is one possible answer. |
Meeting:
|
ietf-wg-webtrans/draft-ietf-webtrans-http3#113 says: "The user agent MUST NOT automatically follow such redirects, as the client could potentially already have sent data for the WebTransport session in question; it MAY notify the client about the redirect."
This is an issue about whether we should, in fact, notify the client about 3xx codes in the API.
The text was updated successfully, but these errors were encountered: