💾 Archived View for gemi.dev › gemini-mailing-list › 000198.gmi captured on 2023-12-28 at 15:43:04. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-11-04)

🚧 View Differences

-=-=-=-=-=-=-

redirect opt-in?

1. Petite Abeille (petite.abeille (a) gmail.com)

Given that user-agents should refrain from initiating network connection 
on their own, should redirects (3x)  be manually confirmed? With explicit user consent?

The spec is ambivalent:

Redirect limits
Clients may prompt their users for decisions as to whether or not to 
follow a redirect, or they may follow redirects automatically.  

Perhaps user-agents SHOULD prompt for decisions as to whether to follow a 
redirect, or MAY follow redirects automatically.

Link to individual message.

2. solderpunk (solderpunk (a) SDF.ORG)

On Wed, Jun 10, 2020 at 12:49:11PM +0200, Petite Abeille wrote:
> Given that user-agents should refrain from initiating network connection 
on their own, should redirects (3x)  be manually confirmed? With explicit user consent?

The recent change in the spec regarding automatic initiation of network
connections is very clearly limited in scope to the displaying of link
lines, so redirects are not covered by it.

> Perhaps user-agents SHOULD prompt for decisions as to whether to follow 
a redirect, or MAY follow redirects automatically.  

Bombadillo is an example of a client which always prompts for a decision
on redirects with (to my knowledge) a single exception (maybe this is
still just planned, not implemented - I don't use Bombadillo often, but
Sloum and I talk about client design a lot).  If a client requests a URL
not ending in a slash, and the server maps it to a directory, the server
must issue a redirect which appends the slash to the URL, otherwise
relative links will not work.  Manually confirming *that* every time
will be annoying and serve no good purpose.

AV-98 is slightly more pragmatic.  If can be configured to prompt on
every redirect, but by defaut it automatically follows all redirects

protocols, which are the most suspicious kinds.

Cheers,
Solderpunk

Link to individual message.

---

Previous Thread: "Wide load" status code(s)?

Next Thread: 60 & 61 & 62 vs. userinfo