Robin Berjon
Robin Berjon
Whoa, you're having all the fun without me. I don't recall the exact reasons why people moved away from CC0; the spec license debates in the web community were very...
Sure thing. I've been going through the existing specs and also looking at what Kubo does. I think having the discussion with the whole gang might be the best option.
I think that depends on how the PDS is architected. Some PDSs are basically stores with an ACL layer, and once you've granted access the horses have fled the barn....
If the manifest is JSON, you can detect that you're getting a manifest just by knowing that you're retrieving an `application/json` document.
I know, I saw that in the docs, my initial plan was to use that for al paging operations. But when I tried it all I got were 504s so...
I would like to suggest taking the restrictions on `Permissions-Policy` (which was called `Features-Policy` when this issue was opened — @lidel mentions it at the top) further ([spec](https://w3c.github.io/webappsec-permissions-policy/), [mdn](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy)). When...
In addition to `Permissions-Policy`, I think the following would be good: ``` Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; form-action 'self'; connect-src 'self' data: ; manifest-src 'none' ; object-src 'none'...
I would also worry that the test suite could become rather large as more corner cases get covered, which might not align well with what is good for `public-gateway-checker` (I'm...
Ok, I made a prototype — let me know if you think this is headed in the right direction. The runner is over at https://github.com/darobin/ipseity/blob/main/bin/bastest.js, and I made a quick...
Oh — I forgot an important point: one limitation of this approach is that the gateway must be at least minimally writeable. Otherwise there's no way to put the fixtures...