• #dev 2019-12-25
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2019-12-25 UTC
# 02:17
[dmitshur] one of the challenges of implementing an IndieAuth client is the need to make some HTTP requests, e.g., to discover the authorization_endpoint on a user-provided URL. the spec disallows URLs that are not domain name (e.g, `localhost`) or IPs (e.g. `127.0.0.1` ), and in theory it _should_ be safe to make arbitrary GET requests... but it's still potentially a little scary.