Barry Dorrans

A side note, this doesn't address any descriptions which seem weird, or where the grammar is odd. For example, the [description on bskyAppProgressGuide](https://github.com/bluesky-social/atproto/blob/main/lexicons/app/bsky/actor/defs.json#L448) is "If set, an active progress guide....

The Identity folks are probably right :) Inside the cluster itself your apps are probably running on http only, with a proxy in front taking care of HTTPS termination, and...

Tagging in @apwestgarth for investigation :)

Andy is taking a look at it

It falls to configuration of whatever the proxy is in front of the container/service. Azure App Services put the header in by default, as does, I believe nginx, and so...

Oh interesting, IPv6 @mkArtakMSFT who owns the header overrides middleware right now?

The templates assume username and email are the same, if you're veering from that assumption you need to adjust the UI for your own circumstances.

Override the cookie authentication events. As you're also using identity, it'd be something like ```c# services.ConfigureApplicationCookie(o => { o.Events = new CookieAuthenticationEvents() { OnRedirectToLogin = (ctx) => { if (ctx.Request.Path.StartsWithSegments("/api")...

That's an interesting idea @vanillajonathan. That responsibility lies outside of the authentication pieces, and in MVC, so I'll demure to @rynowak et al for that.

I'm going to disagree here @adityamandaleeka. Windows itself supports it, as does php, android, chrome and edge. We should add it, along with HEIC/HEIF. The usage of these types is...