Skip to content

Commit

Permalink
query: add CORS consirations (fixes #2898)
Browse files Browse the repository at this point in the history
  • Loading branch information
reschke committed Nov 15, 2024
1 parent b87c399 commit 806f026
Showing 1 changed file with 17 additions and 2 deletions.
19 changes: 17 additions & 2 deletions draft-ietf-httpbis-safe-method-w-body.xml
Original file line number Diff line number Diff line change
Expand Up @@ -482,9 +482,8 @@ Dubois, Camille, [email protected]
considerations as all HTTP methods as described in
<xref target="HTTP"/>.
</t>

<t>
The QUERY method can be used as an alternative to passing request
It can be used as an alternative to passing request
information in the URI (e.g., in the query section). This is preferred in some
cases, as the URI is more likely to be logged or otherwise processed
by intermediaries than the request content.
Expand All @@ -494,6 +493,13 @@ Dubois, Camille, [email protected]
resource &SHOULD; be chosen such that it does not include any sensitive
portions of the original request content.
</t>
<t>
A QUERY request from user agents implementing CORS (Cross-Origin Resource Sharing)
will require a "preflight" request,
as QUERY does not belong to the set of CORS-safelisted methods
(see "<eref target="https://fetch.spec.whatwg.org/#methods">Methods</eref>" in
<xref target="FETCH"/>).
</t>
</section>

<section title="IANA Considerations" anchor="iana.considerations">
Expand Down Expand Up @@ -580,6 +586,14 @@ Dubois, Camille, [email protected]
<seriesInfo name="RFC" value="9111"/>
</reference>
</references>
<references title="Informative References">
<reference anchor="FETCH" target="https://fetch.spec.whatwg.org">
<front>
<title>FETCH</title>
<author><organization>WHATWG</organization></author>
</front>
</reference>
</references>

<section title="Change Log" anchor="change.log" removeInRFC="true">
<section title="Since draft-ietf-httpbis-safe-method-w-body-00" anchor="changes.since.00">
Expand Down Expand Up @@ -623,6 +637,7 @@ Dubois, Camille, [email protected]
<li>Updated language and examples about redirects and method rewriting (<eref target="https://github.com/httpwg/http-extensions/issues/1917"/>)</li>
<li>Add QUERY example to introduction (<eref target="https://github.com/httpwg/http-extensions/issues/2171"/>)</li>
<li>Update "Sensitive information in QUERY URLs" (<eref target="https://github.com/httpwg/http-extensions/issues/2853"/>)</li>
<li>Add CORS considerations (<eref target="https://github.com/httpwg/http-extensions/issues/2898"/>)</li>
<li>Field registration for "Accept-Query" (<eref target="https://github.com/httpwg/http-extensions/issues/2903"/>)</li>
</ul>
</section>
Expand Down

0 comments on commit 806f026

Please sign in to comment.