• #dev 2020-11-19
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2020-11-19 UTC
# 19:33
[Simon_Willison] Oh I think I've spotted a spec confusion: "The resulting profile URL MAY be different from the canonical profile URL as resolved by the client, but MUST be on the same domain." - that's a security issue right? The problem is that the final JSON returned by the profile URL response https://indieauth.spec.indieweb.org/#profile-url-response could have anything in the "me" field - it's up to my client implementation to verify that the "me"