Closed aaronpk closed 2 years ago
When following redirects to determine the user's canonical profile URL, stop if a temporary redirect (HTTP 302) is found. This is similar to the old algorithm we had in the IndieAuth spec
See https://github.com/aaronpk/webmention.io/issues/174 for an example of this causing a problem in the wild.
If the website is a temporary redirect to a path, we want to use the prior URL as the identity URL.
This doesn't apply to the IndieAuth provider since that's now handled better by checking for the matching authorization endpoint.
When following redirects to determine the user's canonical profile URL, stop if a temporary redirect (HTTP 302) is found. This is similar to the old algorithm we had in the IndieAuth spec
See https://github.com/aaronpk/webmention.io/issues/174 for an example of this causing a problem in the wild.
If the website is a temporary redirect to a path, we want to use the prior URL as the identity URL.
This doesn't apply to the IndieAuth provider since that's now handled better by checking for the matching authorization endpoint.