-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ambiguity in handling redirections #36
Comments
I also found it hard to be confident how to interpret the current wording in a situation involving both permanent and temporary redirects. My best interpretation has been to understand that if there is a sequence of redirects and they are all temporary, then the original user profile URL is considered canonical. If there is one or more permanent redirect involved, then the URL of the last permanent redirect is considered canonical. I wrote an example based on that interpretation, which looks like this:
And I've reached out to @aaronpk for his thoughts on that example. I've also noticed that the 303 See Other status code is not mentioned in the spec. I currently understand it should be treated as a temporary redirect, but it could be made more clear. |
Hmm, would a 303 ever come up naturally? I've never seen that in the wild as far as I know, and per the linked Wikipedia page the intent is for returning a resource redirect after a POST, which should never happen for a profile lookup. That said, from the phrasing, 303 does seem like it should be handled the same way as a 302. |
From my understanding (and recollections of previous discussions) the result canonical profile URL in @dmitshur’s example is Permanent redirects are in place to update the canonical URL. If a publisher decides to use a temporary redirect, it is because this may rapidly change in the future and should not be seen as the canonical location for the resource. (Or in this case, the canonical URL for their identity.) If the temporary place uses permanent redirects again, that is just because the temporary resource is moving around. Not because the original publisher has decided to make any of that their new canonical location. In short: as soon as the first non-permanent redirect is encountered, it is that redirect’s origin URL that is the canonical URL. |
Any more thoughts on reasonable verbiage for this spec change? I'm still struggling to come up with unambiguous, concise RFC-ese. |
1. Requires that the final profile URL be redirection-normalized in the same way as initial profile discovery 2. Specifies the order of the validation steps/conditions This does not address the issue of the verbiage regarding redirection normalization, which is still covered in issue indieweb#36.
I think this is a tough one. Especially because the expected behaviour is so ingraned to me already that I have a hard time interpreting the original text as anything other than working. But maybe something along the lines of the following?
I think for clarity we may also want to add another example. But I am not sure how to create an example without getting very verbose with a tree like the one @dmitshur showed above… |
@Zegnat I like that wording and I think it covers my test case quite clearly. My main suggestion would be to also consider either adding 303 status code to the list of temporary redirects, or avoiding enumerating an incomplete list. |
303 should never come up in a profile-discovery context. |
Thanks for the proposed text! That has been merged. |
Yay! I am now technically a W3C specification contributor! Time to update my resume. ;) |
According to https://indieauth.spec.indieweb.org/#discovery-by-clients:
This does not answer the question of what happens if a profile URL has a temporary redirect to another URL, which then has a permanent redirect to yet another URL.
For example, if the user profile URL is at
https://username.example
and there is a temporary redirect tohttps://example.com
, the second MUST indicates that the profile URL should be unchanged. However, ifhttps://example.com
then has a permanent redirect tohttps://example.com/username
, the first MUST implies that the profile URL should be updated tohttps://example.com/username
even though the first redirection was temporary.Perhaps rephrasing the paragraph like this would help:
The text was updated successfully, but these errors were encountered: