Should link relations define the behaviour of the user agent following a link? #1

darrelmiller · 2024-11-03T15:14:21Z

This issue is a based on feedback from a SECDIR review:

If a user follows one of these links, should it replace the page content or
open separately? If it opens separately, should it autoclose when the action
(e.g. "login") completes, and if so how? (This is more ergonomic but creates
risk related to "clickjacking".) Should the page content be reloaded after a
login state change? * What format does "authenticated-as" provide? It seems
like the intent here would be to support a "chip" in the browser chrome showing
the logged-in user's name (and icon/picture?), but this would require
specifying the actual format of the resource, which is not done here.

https://datatracker.ietf.org/doc/review-ietf-httpapi-authentication-link-01-secdir-early-schwartz-2024-06-28/

The general question here is it expected for link relation types to define the behaviour of user agents that follow links?

darrelmiller added this to HttpApi Active Issues Nov 5, 2024

darrelmiller moved this to In Discussion in HttpApi Active Issues Nov 5, 2024

darrelmiller moved this from In Discussion to Waiting on response in HttpApi Active Issues Nov 5, 2024

darrelmiller moved this from Waiting on response to In Discussion in HttpApi Active Issues Nov 5, 2024

darrelmiller moved this from In Discussion to Seeking Feedback in HttpApi Active Issues Nov 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Should link relations define the behaviour of the user agent following a link? #1

Should link relations define the behaviour of the user agent following a link? #1

darrelmiller commented Nov 3, 2024

Should link relations define the behaviour of the user agent following a link? #1

Should link relations define the behaviour of the user agent following a link? #1

Comments

darrelmiller commented Nov 3, 2024