A vision for Gemini applications
Meff
meff at meff.me
Wed Jun 17 08:53:32 BST 2020
Hey all,

I like many of the ideas you expressed in your post but wanted to
discuss one thing.

You mentioned that you would like to see *no* cross-domain linking, in
order to remove the complexities of having to do some sort of CSRF-style
validation. The thing is, I think cross-domain linking is useful. It's
useful when replying to someone's Gemlog post, it's useful when creating
lists of links you would like to recommend to visitors of your capsule,
and for linking to sources of truth that may live elsewhere (especially
if linking against the web).

How about a relaxed version of this, where all clients that wish to
"follow" cross-domain links *must* strip out any query params. For basic
clients, that would be as simple as a regex that strips the "?" used to
start a query string, and everything that comes after. For more
sophisticated clients that have access to URL processing libraries, this
should be as simple as parsing the URL, removing any query strings, and
hydrating this URL again. Now cross-domain requests cannot contain any
sort of "payload" that the server would mutate state with. Of course,
there is the possibility that a page view for a URL even without a
query param would mutate state on the server, but that is already an
issue now.

Thanks,
meff

On 6/16/20 12:53 PM, solderpunk wrote:
> Hi all,
>
> I just posted a (long!) entry at my Corned Beef Sandwiches gemlog
> outlining my vision for applications in Geminispace:
>
> gemini://gemini.circumlunar.space/users/solderpunk/cornedbeef/a-vision-for-gemini-applications.gmi
>
> Note that my vision does not need to be everybody's vision. I am
> benevolent dictator of the protocol, but not what people build on top of
> it. I do hope people will give it some thought, though. I'd like to
> think there are good ideas in there. It ties in many things which have
> been discussed on the list recently, including Tomasino's "streaming"
> idea and the issue of all our nice simple apps being vulnerable to CSRF.
>
> Cheers,
> Solderpunk
>
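
An added example, not part of the original message or of any Gemini client's code, of the client-side rule proposed above: resolve a link against the current page and drop the query string when the target is on another domain. The hostnames and links are constructed, and treating "cross-domain" as "hostname differs" is an assumption.

```python
import re
import urllib.parse
from urllib.parse import urljoin, urlsplit, urlunsplit

# urljoin() only resolves relative references for schemes it knows about,
# so register gemini before resolving links.
for _registry in (urllib.parse.uses_relative, urllib.parse.uses_netloc):
    if "gemini" not in _registry:
        _registry.append("gemini")


def strip_query_regex(url):
    """Basic-client variant: drop the "?" and everything after it."""
    return re.sub(r"\?.*$", "", url, flags=re.DOTALL)


def strip_query_parsed(url):
    """Library variant: parse, clear the query, rebuild the URL."""
    return urlunsplit(urlsplit(url)._replace(query=""))


def is_cross_domain(current_url, target_url):
    """Assumption: "cross-domain" means the hostnames differ (case-insensitive)."""
    return urlsplit(current_url).hostname != urlsplit(target_url).hostname


def url_to_request(current_url, link):
    """Resolve a link found on current_url and apply the stripping rule."""
    target = urljoin(current_url, link)
    if is_cross_domain(current_url, target):
        return strip_query_parsed(target)
    return target  # same-domain links keep their query (e.g. input prompts)


# Constructed sample data: the page being viewed and links found on it.
PAGE = "gemini://capsule.example/gemlog/index.gmi"
LINKS = [
    "post.gmi?page=2",                                   # relative, same domain
    "gemini://CAPSULE.example/search?cats",              # same domain, other case
    "gemini://other.example/guestbook/sign?spam",        # cross-domain
    "//other.example/vote?id=7&choice=yes",              # scheme-relative
    "https://web.example/article?utm_source=x#section",  # link out to the web
]

if __name__ == "__main__":
    for link in LINKS:
        print(f"{link!r:55} -> {url_to_request(PAGE, link)}")
```

The regex variant removes a trailing fragment along with the query, while the parsed variant keeps the fragment, which is never sent to the server.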