From c390bc2af0e8ce9ce5ea0c1ce97077c3e73344a0 Mon Sep 17 00:00:00 2001 From: Mike West Date: Tue, 20 Jul 2021 11:28:35 +0200 Subject: [PATCH] Noting redirect behavior for directly user-initiated requests. Closes #39. --- index.bs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/index.bs b/index.bs index c67fead..7778277 100644 --- a/index.bs +++ b/index.bs @@ -332,6 +332,12 @@ redirects all the way back to `https://example.com/`, the final request's `Sec-F value would still be `cross-site` (as the redirect chain includes `https://example.net/`, which is still not same-site with the other URLs. +Note: For the special case of `Sec-Fetch-Site: None`, it seems reasonable to maintain that value +through redirects in order to support the common case of copy/pasting shortlinks into the address +bar. That is, if a user agent chooses to treat an address-bar navigation to `https://sho.rt/link` +as `Sec-Fetch-Site: none`, a post-redirect navigation to `https://target.com/long/path/goes/here` +should likewise assert `Sec-Fetch-Site: none`. + The `Sec-` Prefix {#sec-prefix} -------------------------------
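Review bot: The first added line writes the header value as `Sec-Fetch-Site: None`, while the rest of the note uses lowercase `none` and the context line above uses lowercase `cross-site`. Use lowercase `none` throughout so the note cannot be read as naming a different token. The note also opens with "it seems reasonable" but ends by saying the post-redirect navigation "should likewise assert" the value. Since this sits in a `Note:` block, say explicitly whether preserving `none` across redirects is a requirement on user agents or only an observation. If it is a requirement, move it into the normative text, because the paragraph just above says one non-same-site hop in the chain makes the final value `cross-site`, and implementers need to know which rule wins for address-bar navigations. Separately, the unchanged context line above the addition opens a parenthesis at "(as the redirect chain includes" that is never closed.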