| ▲ | Avamander 3 hours ago | |
Servers can communicate their preference in terms of CAs they want. But the UX in browsers is unbelievably horrible for no good reason. Not only is it difficult for an user to make a proper selection, it's also hard to fix a wrong one. The error pages are also terrible. There's no way for the site owner to request that when the navigation to the (auth) page fails, redirect back. Nope, no way to do error handling without some really clever iframe stuff and even then it's way too opaque. God forbid you have to deal with CORS + mTLS. | ||
| ▲ | elevation 2 hours ago | parent [-] | |
> God forbid you have to deal with CORS + mTLS As someone who is about to deal with exactly this, what kind of trouble am I in for? | ||