2021-09-30 UTC
# benatkin If an IndieAuth client for something needing high security required the Authorization Endpoint Link to be in the header rather than HTML, would it still be considered an IndieAuth client? How about if a <link> was in the head? Maybe show a warning instead? HTML is more often user editable than headers