The DNT tracking status resource at /.well-known/dnt/ can be a redirect see https://w3c.github.io/dnt/drafts/tracking-dnt.html#status-resource
From: Daniel Veditz <dveditz@mozilla.com>
Sent: 04 April 2018 20:28
To: John Wilander <wilander@apple.com>
Cc: Brad Hill <hillbrad@gmail.com>; Jeffrey Yasskin <jyasskin@google.com>; public-webappsec@w3.org
Subject: Re: Proposal: https://example.com/.well-known/modify-credentials
On Wed, Apr 4, 2018 at 11:25 AM, John Wilander <wilander@apple.com <mailto:wilander@apple.com> > wrote:
1. Are you saying we should have additional well-known locations for these additional services?
2. Or are you saying we should have requirements on the markup of the page you end up on when loading .well-known/modify-credentials?
My first reaction was that it seemed strange (and limiting!) to have a working web page at a .well-known address, and especially strange for a .well-known address to be a redirect. Are there any others that behave that way?
If instead it returned data about where to find the password change URL on the site we could easily add more information, such as the ones Brad suggested or where to find the programmatic log-in (no web page required) suggested in Mike's proposal.
-
Dan Veditz