Can XRPC responses be redirects?

[DavidBuchanan314]

For example, someone might want to implement getBlob by 301 redirecting to an S3 URL (or a CDN), rather than having to fetch the blob themselves and forwarding it. Is this allowed? (And, by extension, are XRPC clients expected to follow redirects?)

[bnewbold]

The current version of the XRPC spec doc (https://atproto.com/specs/xrpc) leaves this ambiguous and there is an explicit "Possible Future Change":

An explicit decision about whether HTTP redirects are supported.

Some arguments against: IIRC we disallowed or strongly recommended against redirects in an earlier version. There was also a convention of requiring specifically HTTP 200 from some simple endpoints as a way to check if atproto is supported at all. A common pattern on the open web is having all unknown paths redirect to a home page or something like that: if we allow redirects, we may need some explicit signal that "yes, you are talking to an XRPC endpoint" (eg, an HTTP header).

And for: redirects sure are helpful in a bunch of contexts; it would be kind of un-webby to not support them; realistically most HTTP libraries and atproto client libs already support them today, etc.

My personal feeling is that we will probably explicitly support them, but should include a bunch of best practices (like number of hops) when we do. This is not a consensus decision yet. We intend to have a more formal governance process for coming to consensus with folks outside the core team soon, but after the v1 federation details are worked out (our current focus).