Proposal: send feedback from nodosdeconocimiento.es to seedteamtalks.hyper.media

We want users visiting:

https://nodosdeconocimiento.es/feedback

to submit feedback about nodosdeconocimiento.es, while the resulting private Seed documents are created under:

seedteamtalks.hyper.media

Users should not need write permission on seedteamtalks.hyper.media.

Current issue

The current implementation publishes directly from the browser.

That means the browser user signs the document creation request and publishes the private document into the target Seed account.

This only works if the user has write capability on that target account.

For this feedback flow, that does not fit: users submitting feedback should not need write access to seedteamtalks.hyper.media.

Proposed approach

The /feedback page should submit the form to a server endpoint on the same site:

POST /hm/api/feedback

The server receives the structured feedback payload, validates it, and then creates the private Seed document under the Seed Team Talks account.

The flow becomes:

1. User opens https://nodosdeconocimiento.es/feedback
2. User fills the feedback form
3. Browser sends the feedback to /hm/api/feedback
4. The server validates the submission
5. The server publishes a private document under seedteamtalks.hyper.media
6. The user sees a thank-you confirmation

Why this is better

This avoids requiring each submitting user to have write access to the feedback destination.

It also keeps the browser flow simple:

POST /hm/api/feedback

Benefits:

  • no cross-origin browser complications

  • no need to grant users write access to Seed Team Talks

  • easier local testing

  • clearer security model

  • feedback is centralized in one Seed Team Talks location

  • the user experience remains native to nodosdeconocimiento.es

Server permissions

The nodosdeconocimiento.es server must be authorized to publish into the Seed Team Talks account. This is done by granting the server signer write capability on the Seed Team Talks account.

Configuration

The web config should include both:

{
  "registeredAccountUid": "NODOS_SITE_ACCOUNT_UID",
  "feedbackDestinationAccountUid": "SEED_TEAM_TALKS_ACCOUNT_UID",
  "feedbackDestinationLabel": "seedteamtalks.hyper.media"
}

registeredAccountUid remains the account for the site being served:

nodosdeconocimiento.es

feedbackDestinationAccountUid is the account where feedback documents are created:

seedteamtalks.hyper.media

Created document content

Each private feedback document should clearly record what the feedback is about:

Tipo: Feedback
Formulario: /feedback
Origen: Formulario web
Página evaluada: nodosdeconocimiento.es
URL: https://nodosdeconocimiento.es/
Guardado en: seedteamtalks.hyper.media
Visibilidad: Privado
Fecha de envío: ...

Then the document should include the non-empty form answers.
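As an added sketch (not code from Seed or from the current site), this is one way the server could validate a submission and build the document content described above. The function name, the `answers` payload shape and the size limits are assumptions; actual publishing through the server signer is left out.

```javascript
// Added example: names, limits and payload shape are assumptions, not Seed APIs.
const LIMITS = { maxAnswers: 20, maxKeyLen: 64, maxValueLen: 4000 };

// Collapse control characters (including newlines) so an answer cannot
// forge extra "Key: value" lines such as a second "Visibilidad:" entry.
const oneLine = (s) => s.replace(/[\u0000-\u001f\u007f]+/g, " ").trim();

function buildFeedbackDocument(config, payload, now = new Date()) {
  if (!config.feedbackDestinationAccountUid || !config.feedbackDestinationLabel) {
    throw new Error("feedback destination is not configured");
  }
  if (payload === null || typeof payload !== "object" || Array.isArray(payload)) {
    throw new Error("payload must be a JSON object");
  }
  const { answers } = payload; // every other client-supplied field is ignored
  if (answers === null || typeof answers !== "object" || Array.isArray(answers)) {
    throw new Error("answers must be an object");
  }
  const entries = Object.entries(answers);
  if (entries.length > LIMITS.maxAnswers) throw new Error("too many answers");

  const kept = [];
  for (const [key, value] of entries) {
    if (typeof value !== "string") throw new Error("answers must be strings");
    if (key.length > LIMITS.maxKeyLen || value.length > LIMITS.maxValueLen) {
      throw new Error("answer is too long");
    }
    const k = oneLine(key), v = oneLine(value);
    if (k && v) kept.push(`${k}: ${v}`); // non-empty answers only
  }
  if (kept.length === 0) throw new Error("no non-empty answers");

  return {
    // Destination and visibility come from server config, never from the request.
    accountUid: config.feedbackDestinationAccountUid,
    visibility: "private",
    lines: [
      "Tipo: Feedback",
      "Formulario: /feedback",
      "Origen: Formulario web",
      "Página evaluada: nodosdeconocimiento.es",
      "URL: https://nodosdeconocimiento.es/",
      `Guardado en: ${config.feedbackDestinationLabel}`,
      "Visibilidad: Privado",
      `Fecha de envío: ${now.toISOString()}`,
      "",
      ...kept,
    ],
  };
}
```

Because the server signer holds write capability on the destination account, the destination is pinned from config and any account or visibility field in the request body is ignored.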

Frontend behavior

The /feedback page should no longer require the user to have write capability on the feedback destination.

Instead:

  • user fills out the form

  • submit button sends the structured payload to /hm/api/feedback

  • server handles the private document creation

  • success state confirms the feedback was received

  • the UI does not need to show a private document link unless the user is allowed to view that document

Authentication decision

This architecture can support either authenticated or anonymous submissions.

If submissions should be authenticated, the server endpoint should verify the user session before accepting feedback.

If anonymous submissions are acceptable, the endpoint can accept the feedback payload directly, with rate limiting or spam protection added later.

Summary

The feedback flow should move from browser-side document publishing to server-side document creation.

Users submit feedback through nodosdeconocimiento.es, and the server creates a private Seed document under seedteamtalks.hyper.media.

This gives us centralized feedback collection without requiring users to have write access to the destination Seed account.
