Line 50: | Line 50: | ||
The user-agent must follow this set of checks to determine an Account Management Realm on retrieving a resource: | The user-agent must follow this set of checks to determine an Account Management Realm on retrieving a resource: | ||
# If the HTTP response has an "X-Account-Management" HTTP header, the realm is the value of this header. | # If the HTTP response has an "<tt>X-Account-Management</tt>" HTTP header, the realm is the value of this header. | ||
# If there is no X-Account-Management header, the browser SHOULD discover the XRD Host Metadata for the domain of the resource. (as of this writing, this involves making an HTTP request to /.well-known/host-meta, or perhaps a DNS-based system TBD) | # If there is no <tt>X-Account-Management</tt> header, the browser SHOULD discover the XRD Host Metadata for the domain of the resource. (as of this writing, this involves making an HTTP request to /.well-known/host-meta, or perhaps a DNS-based system TBD). The user-agent may apply standard HTTP caching practices to this metadata file. | ||
Note that #2 means that an Account Management Realm defined in the Host Metadata applies to all resources on the host that do not provide an | Note that #2 means that an Account Management Realm defined in the Host Metadata applies to all resources on the host that do not provide an <tt>X-Account-Management</tt> header or a value in their HTML content. | ||
See also the discussion in Security Considerations, below. | See also the discussion in Security Considerations, below. |
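Review bot: The caching sentence added to step 2 leaves open how long a user-agent may keep acting on a cached Host Metadata realm. The note that follows says this realm applies to every resource on the host that does not set its own <tt>X-Account-Management</tt> header, so a stale or tampered cached copy affects the whole host until it expires. Consider stating a revalidation expectation here, or pointing explicitly to the relevant part of Security Considerations, and writing "may" as "MAY" to match the "SHOULD" earlier in the same step. Separately, the completed note now refers to "a value in their HTML content", but the numbered checks shown in this hunk cover only the header and the Host Metadata; either add the HTML check as its own step or drop the phrase so the note and the list agree.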