| 02:24 | <NotWoods> | marti1125: What issue are you having? |
| 07:45 | <cihanmbebek> | So I've been battling with this Safari 307 redirect error. I was able to get a 307 POST redirect working with another server with a bit different redirect request. The main difference seems to be that, with this other server, I get the headers ":authority:", ":method:", ":path:" and ":scheme:" into the redirect request, and they are not appearing in the one that isnt working. |
| 07:45 | <cihanmbebek> | I'm not at all sure how my browser is determining if to include them or not. I'm getting quite sure that this might be a bug in Safari. |
| 07:46 | <cihanmbebek> | So what I'm doing is I'm comparing the requests on chrome to determine whats the difference, since I can't really get Safari to output any info about my failed request (the Safari devtools are horrible) |
| 07:47 | <cihanmbebek> | If anyone knows anything about those headers or why my 307 redirect might work on all other browsers except Safari, I'd reaaally appreciate any help :D |
| 08:22 | <annevk> | cihanmbebek: perhaps it's broken on H/2 or some such? |
| 08:33 | <annevk> | FYI: https://www.w3.org/mid/CADnb78iV3HqozS+mL8=rHNb7yzc1u65se7c5O==K+wDjt41ixA⊙mgc |
| 08:47 | <cihanmbebek> | annevk I think it might actually be the other way around, that its broken on http1 |
| 08:47 | <cihanmbebek> | coz the request without the http2 headers seems to work |
| 08:48 | <cihanmbebek> | but im unsure how my browser determines if the redirect should be done with or without the http2 headers, the request and response which returns the 307 look exactly alike as far as I can see |
| 08:49 | <annevk> | Well, web-platform-tests uses H/1 and it works there, so I guess I don't know then. |
| 08:50 | <cihanmbebek> | yeah, I'm completely lost as well :D but thanks for trying to help, I appreciate it :) |
| 10:48 | <cihanmbebek> | I think I have finally figured out what is missing from our requests! I think its related to CSP headers https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP |
| 10:48 | <cihanmbebek> | I guess other browsers just dont need to have the valid redirect urls listed in the CSP headers under 'form_action' |
| 10:48 | <cihanmbebek> | but safari requires it |
| 10:49 | <cihanmbebek> | im guessing! lets see if it works |
| 10:54 | <cihanmbebek> | https://github.com/w3c/webappsec-csp/issues/8 related to this if I understood correctly |
| 11:40 | <annevk> | Domenic: apologies for not reading OP in that ARIAMixin PR |
| 11:41 | <annevk> | Domenic: what's blocking it at the moment? Lack of response from rniwa? |
| 11:45 | <Domenic> | annevk: tests I believe |
| 11:46 | <Domenic> | Also I think your message on Mozilla standards positions was the second implementer interest. |
| 11:46 | <Domenic> | Hmm wait no this is untestable :(. So maybe it's good to go now I guess. |
| 11:46 | <annevk> | Domenic: yeah, still good to know if there are no objections; I have a hard time recalling whether we discussed ARIAMixin at all last week |
| 11:47 | <annevk> | Domenic: well, we can test that the attributes are exposed and can be changed |
| 11:47 | <Domenic> | Ah right true |
| 11:47 | <annevk> | Domenic: and can be set to arbitrary values |
| 11:47 | <annevk> | (as there doesn't seem to be validation anywhere) |
| 11:47 | <Domenic> | I knew there was something testable in there |
| 11:48 | <Domenic> | The tests might already exist since it's behind a flag in Chrome, but I'll check tomorrow. |
| 12:23 | <marti1125> | hi! |
| 12:34 | <annevk> | Hey marti1125 |
| 12:46 | <marti1125> | could you help with https://github.com/whatwg/html/issues/4911 |
| 12:46 | <marti1125> | how to find the bug... in the code |
| 12:48 | <annevk> | marti1125: sure |
| 12:48 | <annevk> | marti1125: in source, search for "andpixel" |
| 12:52 | <annevk> | marti1125: (I'm assuming you have the repository locally, I don't think GitHub supports editing files as large as source is) |
| 13:16 | <marti1125> | in source i don't find "andpixel" only "and pixel" |
| 13:21 | <Domenic> | marti1125: I see it on line 24843 |
| 13:24 | <marti1125> | in which branch? |
| 13:24 | <annevk> | marti1125: perhaps run "git checkout master" and "git pull" |
| 13:24 | <annevk> | and maybe check that git log matches https://github.com/whatwg/html/commits |
| 13:39 | <marti1125> | oww my fork is too old.... =/ |
| 13:51 | <marti1125> | I just send a pr https://github.com/whatwg/html/pull/4935 |
| 13:53 | <annevk> | marti1125: thanks; couple things remain |
| 13:53 | <annevk> | marti1125: signing https://participate.whatwg.org/agreement |
| 13:53 | <marti1125> | okay |
| 13:53 | <annevk> | marti1125: ideally "pixel" moves to the next line as the line exceeds 100 columns now |
| 13:53 | <marti1125> | okay |
| 13:53 | <annevk> | marti1125: and you might want to add your name to the Acknowledgments section |
| 13:53 | <annevk> | (optional) |
| 14:46 | <annevk> | Domenic: is there a canonical place to discuss the lack of integrity for module scripts? (Note that SRI only covers style sheets and scripts (and fetch()) to date so background-image and such weren't really a concern although ideally they are also covered of course.) It might well be that some version of Import Maps can tackle this, but I guess there was |
| 14:46 | <annevk> | already discussion had there so maybe we should discuss requirements elsewhere first. |
| 23:48 | <Domenic> | annevk: whatwg/html seems like the right place |