The spec should clarify behavior when multiple redirects occur in sequence.
The browser only sends Redirect-Origin/Redirect-Query when it receives a redirect response containing Redirect-* headers. Each hop is independent — Redirect-Origin reflects the immediate previous origin, not the original origin.
This is straightforward for OAuth (single-hop redirects), but the spec should explicitly address the general case for HTTPBIS reviewers.
Raised during IETF 125 presentation preparation.
The spec should clarify behavior when multiple redirects occur in sequence.
The browser only sends Redirect-Origin/Redirect-Query when it receives a redirect response containing Redirect-* headers. Each hop is independent — Redirect-Origin reflects the immediate previous origin, not the original origin.
This is straightforward for OAuth (single-hop redirects), but the spec should explicitly address the general case for HTTPBIS reviewers.
Raised during IETF 125 presentation preparation.