That’s what this proposal changes!

On Tue, Dec 16, 2025 at 5:53 AM Nico Williams <[email protected]> wrote:
> On Tue, Dec 16, 2025 at 04:45:08AM +0100, Dick Hardt wrote:
> > On Tue, Dec 16, 2025 at 12:52 AM Nico Williams <[email protected]>
> > wrote:
> >
> > > I also think it was a mistake for HTTP to say that no headers may be
> > > copied from a redirect response to the redirected request.
> >
> > When / where was that?
>
> Ay, I might have hallucinated that there is a stricture against it, but
> also user-agents normally don't copy any redirect response headers to
> the redirected requests, so in effect there is normally no way for a
> server to communicate with an IdP/token issuer over headers by way of
> the user-agent.
>
> Nico
> --
>
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
