query: Added Security Consideration with respect to Normalization (cl…

…oses #2896)
httpwg · Nov 20, 2024 · 61ebb40 · 61ebb40
1 parent 12995c3
commit 61ebb40
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/draft-ietf-httpbis-safe-method-w-body.xml b/draft-ietf-httpbis-safe-method-w-body.xml
@@ -361,6 +361,11 @@ Accept-Query = 1#media-type
       resource &SHOULD; be chosen such that it does not include any sensitive
       portions of the original request content.
     </t>
+    <t>
+      Caches that normalize QUERY content incorrectly or in ways that are
+      significantly different than how the resource processes the content
+      can return the incorrect response if normalization results in a false positive.
+    </t>
     <t>
       A QUERY request from user agents implementing CORS (Cross-Origin Resource Sharing)
       will require a "preflight" request,
@@ -681,6 +686,7 @@ Dubois, Camille, camille.dubois@example.net
   <li>Improve language about sensitive information in URIs (<eref target="https://github.com/httpwg/http-extensions/issues/1895"/>)</li>
   <li>Clarified description of conditional queries (<eref target="https://github.com/httpwg/http-extensions/issues/1917"/>)</li>
   <li>Editorial changes to Introduction (ack Will Hawkins, <eref target="https://github.com/httpwg/http-extensions/pull/2859"/>)</li>
+  <li>Added Security Consideration with respect to Normalization (<eref target="https://github.com/httpwg/http-extensions/issues/2896"/>)</li>
   <li>Added CORS considerations (<eref target="https://github.com/httpwg/http-extensions/issues/2898"/>)</li>
   <li>SQL media type is application/sql (RFC6922) (<eref target="https://github.com/httpwg/http-extensions/issues/2936"/>)</li>
   <li>Added overview table to introduction (<eref target="https://github.com/httpwg/http-extensions/issues/2951"/>)</li>