Add suggestion of returning a 401 for non-/login requests

2018-12-14 12:03:19 +00:00 · 2018-12-14 12:03:19 +00:00 · b95d5724a4
commit b95d5724a4
parent f7c7a74092
1 changed files with 6 additions and 0 deletions
--- a/proposals/1730-cs-api-in-login-response.md
+++ b/proposals/1730-cs-api-in-login-response.md
@ -26,6 +26,12 @@ clients to an alternative homeserver after login. Clients SHOULD use the
 provided `well_known` object to reconfigure themselves, optionally validating the
 URLs within.

+Note: a server that redirects all clients to different servers must nonetheless
+consider clients making requests other than `/login`: for example, some clients
+may fail to support redirection. It is acceptable in such a case to return a
+401 response to all non-`/login` requests if the service does not wish to
+support such clients.
+
 ## Application

 Let's imagine for this description that our organisation is the University of