- From: Soni L. <fakedme+http@gmail.com>
- Date: Sun, 17 Mar 2024 15:51:31 -0300
- To: Evert Pot <me@evertpot.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CA+-cKyPC+LTG7UC3QMtw6wtJf+sM_NzUcbfBqLA3vXkhyLBWXw@mail.gmail.com>
sure? uh we don't really have a strong opinion or anything, as long as we can implement it in our own link preview system... (hard part might be getting any sort of consensus) oh uh, would messing with the Accept header break anything for static websites? those can't really vary the response based on the Accept header... tho it also feels kinda weird that an Accept header would lead to a redirect... On Sun, Mar 17, 2024, 12:55 Evert Pot <me@evertpot.com> wrote: > > On 2024-03-16 07:51, Soni L. wrote: > > hello! > > one of the issues with fediverse is how each instance caches other > instances' posts, but when you copy the link to a post it gives you a link > to your own instance. this link then either does a redirect (which is > dangerous and mastodon is deprecating it), shows an interstitial (new > versions of mastodon do this), or shows the cached content (most other > instances do this). > > doing a redirect is bad because it paves way for certain kinds of phishing > attacks. but it preserves the original opengraph metadata, allowing for > seamless link previews. > > an interstitial is great because it reduces the chances of those phishing > attacks. but it breaks the opengraph metadata, so you don't get link > previews. > > the third case we don't talk about because it's not really relevant to > this post. (except minimally it is, more on that in a bit.) > > so the Is-Autonomous header would ideally be set by link preview systems > and not by anyone else (explicitly not by browsers). when a server sees > Is-Autonomous, it could change its behaviour in any of the following ways: > > - instead of showing an interstitial, it could do a redirect. > - instead of rendering an entire regular page template, it could render > just the opengraph metadata. > - it could reject the request altogether. > > the first 2 of these are great incentives to use the Is-Autonomous header: > the first one makes link previews work, and the second one saves bandwidth > both on the server and on the link preview system. we believe these > benefits outweigh the drawback of the third for anyone interested in > deploying this. > > but enough with what we believe, what does the http wg think? > > Based on the use-case, this seems more like a job for a 'preview'-related > media-type in an Accept header. > > >
Received on Sunday, 17 March 2024 18:51:51 UTC