On Hacker News
So You Want to Define a Well-Known URI
Read the full article on mnot.net
58 points, 28 comments, 1 notable voice
The 5-second version
- Well-known URIs are best when a client already knows a site and needs to discover or interact with something site-wide efficiently, like robots.txt or change-password endpoints.
- Don't use well-known URIs just for legitimacy, adoption boosting, or as URL shorteners—registration isn't a credential and creates unnecessary deployment rigidity if your protocol can carry full URLs.
- Be careful using well-known URIs for discovery because user interaction scope may not match where discovery happens, especially with subdomains or when protocols merely leverage HTTP for non-Web purposes.
- Content metadata in well-known locations creates a convenience-versus-granularity tradeoff that can exclude multi-publisher sites or require complex infrastructure, often necessitating parallel metadata mechanisms.
- Not all sites are single-homogeneous entities, so assumptions about site architecture can create significant interoperability and operational complications when defining well-known locations.
Top voices
Verbatim comments from the thread's most notable / highest-karma participants.
well-known is for programmatic access, it either namespaces something you’re told to look for (e.g. various types of domain markers) or it lets you discover a feature / endpoint. In the latter case you just probe, for instance if you’re a password manager and you have a password for site A you hit A/.well-known/change-password and if they return something you can surface a change password link to your user. The one you found is for OIDC provider discovery (https://openid.net/specs/openid-conn…
networked, 15.6k karma
Google has recently added `llms.txt` to Chrome Lighthouse (https://searchengineland.com/google-llms-txt-chrome-lighthou...), so adoption may be coming. Admittedly, I put more faith in <link rel="alternate" type="text/markdown" href="https://example.com/index.md" title="Markdown version of the index page"> that I copied from Gwern.net. This convention is more discoverable and naturally adapts to any website size and structure. I have created an `llms.txt` for my website just in case. I use a…
It’s just easier for everybody to implement. Password manager opens https://<some-website>/.well-known/change-password in the user’s browser, it gets redirected to the actual page where password change form is located. You could make the password manager look it up in a link tree and then open a correct page, yes, but...

> I guess the more flexible it is, the harder adoption becomes

Yeah. If there is one account management related URL that password managers care about, it’s the change password…
russellbeattie, 4.3k karma
Whoever decided it would be a good idea for ".well-known" to be a "hidden" directory is a complete fool. All it does is provide the opportunity for confusion, misconfiguration, skipped backups, missed git check-ins, forgotten updates and more. Literally the only people a folder like that is hidden from is whoever is managing the web server. Sure, if everyone knows what they're doing, it's not a problem. But we all know how long that assumption lasts.