- From: Soni L. <fakedme+http@gmail.com>
- Date: Sat, 16 Mar 2024 08:51:55 -0300
- To: HTTP Working Group <ietf-http-wg@w3.org>
hello! one of the issues with fediverse is how each instance caches other instances' posts, but when you copy the link to a post it gives you a link to your own instance. this link then either does a redirect (which is dangerous and mastodon is deprecating it), shows an interstitial (new versions of mastodon do this), or shows the cached content (most other instances do this). doing a redirect is bad because it paves way for certain kinds of phishing attacks. but it preserves the original opengraph metadata, allowing for seamless link previews. an interstitial is great because it reduces the chances of those phishing attacks. but it breaks the opengraph metadata, so you don't get link previews. the third case we don't talk about because it's not really relevant to this post. (except minimally it is, more on that in a bit.) so the Is-Autonomous header would ideally be set by link preview systems and not by anyone else (explicitly not by browsers). when a server sees Is-Autonomous, it could change its behaviour in any of the following ways: - instead of showing an interstitial, it could do a redirect. - instead of rendering an entire regular page template, it could render just the opengraph metadata. - it could reject the request altogether. the first 2 of these are great incentives to use the Is-Autonomous header: the first one makes link previews work, and the second one saves bandwidth both on the server and on the link preview system. we believe these benefits outweigh the drawback of the third for anyone interested in deploying this. but enough with what we believe, what does the http wg think?
Received on Saturday, 16 March 2024 11:52:08 UTC