[css-view-transitions-2] MPA: What happens if there's a cross-origin redirect?

[jakearchibald]

Previous discussion: WICG/view-transitions#200

If you navigate from origin A to origin B, which redirects back to A, it seems bad to expose that there was no in-between page by allowing a transition to run or not.

So, if there's a cross-origin redirect, it feels like we should disallow transitions. We can lift the behaviour in future if we feel it's safe.

[tabatkins]

Agreed.

[noamr]

I don't think there is any disagreement here. Can we close this issue? It's in the explainer.

[jakearchibald]

As long as folks remember to put it in a spec

[noamr]

Thinking about this again while working on a draft spec, disallowing cross-origin redirects might lead to strange behaviors:

• you're on here.example.com/, you click other.example.com which redirects you to here.example.com/next.
• No transition, because of cross-origin redirect
• you go back, and then forward.

Do we run transitions on the back/forward navigations, even though this would expose that there was a cross-origin redirect?
What about when calling history.go(-2) and then +2? I guess we could say that history navigations never have this limitation.

Also, regarding "it seems bad to expose that there was no in-between page" - it's already exposed by calling history.length before and after. So I wonder what the point is with protecting against cross-origin redirect navigations here at all. I can't find too many things that are different when you have a cross-origin redirect, it's mainly about protecting from knowing information about those redirects themselves (e.g. timing information).

Even without any new VT API, the developer can today:

• put some transition information in localStorage
• Navigate to another origin
• If redirected back to their own origin, check history.length to determine if this navigation started in the same origin, and if so, read localStorage and perform the transition.

[noamr]

Speaking with @annevk about this, one valid reason to disallow transitions on cross-origin redirects though is so that the user doesn't feel that things are "smoothed out", they should probably be aware somehow that there was a redirect, even if it's minor like a flash-of-white etc.

If this is the reason to disallow VT on XO-redirect, it's pretty clear to spec, and wouldn't apply to history traversals as the redirect doesn't happen then and it's ok to keep them smooth.

[noamr]

Closing, as this is in the draft spec. https://drafts.csswg.org/css-view-transitions-2/#document-setup-outbound-cross-document-view-transition