Add suggestion of returning a 401 for non-/login requests

pull/977/head
Richard van der Hoff 6 years ago
parent f7c7a74092
commit b95d5724a4

@ -26,6 +26,12 @@ clients to an alternative homeserver after login. Clients SHOULD use the
provided `well_known` object to reconfigure themselves, optionally validating the provided `well_known` object to reconfigure themselves, optionally validating the
URLs within. URLs within.
Note: a server that redirects all clients to different servers must nonetheless
consider clients making requests other than `/login`: for example, some clients
may fail to support redirection. It is acceptable in such a case to return a
401 response to all non-`/login` requests if the service does not wish to
support such clients.
## Application ## Application
Let's imagine for this description that our organisation is the University of Let's imagine for this description that our organisation is the University of

Loading…
Cancel
Save