Re: [whatwg/fetch] Why does Fetch specify a max redirect count of 20? (#576) from sleevi on 2017-08-14 (public-webapps-github@w3.org from August 2017)

From: sleevi <notifications@github.com>
Date: Mon, 14 Aug 2017 16:02:33 +0000 (UTC)
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/576/322231810@github.com>

@domenic I don't think they're opposed. Chrome's limit of 20 is much easier to change than Safari's, provided we get metrics on risk. It's unclear the overhead of changing HSTS to be counted as redirects for purposes of Safari - @cdumez hasn't weighed in on that, and I don't want to assume. So it's possible that if we _don't_ change to a segmented internal/external redirect, and given that two implementations don't (presently) make that distinction, we could potentially align on a 16-redirect limit and call it done. That's why I did not understand the advocacy for an internal/external split - it's something we could potentially do without.

That said, I think it's also useful to understand what impact, if any, that internal/external split has on the Web Platform. To the extent the Fetch spec represents "API docs", I'm totally on board with documenting API contracts, but I don't think we should overly specify those API contracts in a way that prevents us from making changes, integrations, or improvements. That's why I think over-specifying redirects would be undesirable, and it doesn't sound like we have a compelling reason to make that split other than "We should document that" - that is, it's unclear how or why that should cause different behaviour.

@annevk identified one other - which is Upgrade-Insecure-Requests. But it's unclear to me what, if any, benefit is derived from having HSTS or U-I-R *not* treated as redirects. We could equally specify that the application of these counts as a redirect for purposes of Fetch's limit, and be done with it.

So the concrete question is:
- Would implementations have issue with treating HSTS and U-I-R (e.g. specified bits, as opposed to internal implementation details) as counting as redirects towards the limit? Would that present challenges for implementations commiserate with the challenges of splitting internal/external?

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/576#issuecomment-322231810

Received on Monday, 14 August 2017 16:04:11 UTC