Ticket #295: 295.diff

File 295.diff, 4.7 KB (added by julian.reschke@gmx.de, 3 years ago)

Proposed patch

  • p2-semantics.xml

     
    25892589   resource, or to redirect the recipient to a different location for 
    25902590   completion of the request. 
    25912591</t> 
     2592<figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Location"/> 
     2593  <x:ref>Location</x:ref> = <x:ref>URI-reference</x:ref> 
     2594</artwork></figure> 
    25922595<t> 
    25932596   For 201 (Created) responses, the Location is the URI of the new resource 
    25942597   which was created by the request. For 3xx responses, the location &SHOULD; 
     
    25992602   The field value consists of a single URI-reference. When it has the form 
    26002603   of a relative reference (<xref target="RFC3986" x:fmt="," x:sec="4.2"/>), 
    26012604   the final value is computed by resolving it against the effective request 
    2602    URI (<xref target="RFC3986" x:fmt="," x:sec="5"/>). 
     2605   URI (<xref target="RFC3986" x:fmt="," x:sec="5"/>). If the original URI, as 
     2606   navigated to by the user agent, did contain a fragment identifier, and the 
     2607   final value does not, then the original URI's fragment identifier is added 
     2608   to the final value. 
    26032609</t> 
    2604 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Location"/> 
    2605   <x:ref>Location</x:ref> = <x:ref>URI-reference</x:ref> 
    2606 </artwork></figure> 
    26072610<figure> 
    2608 <preamble>Examples are:</preamble><!--DO NOT DARE changing the vertical spacing below, it's necessary this way for xml2rfc--> 
     2611<preamble>For example, the original URI "http://www.example.org/~tim", combined with a field value given as:</preamble><!--DO NOT DARE changing the vertical spacing below, it's necessary this way for xml2rfc--> 
    26092612<artwork type="example"> 
    2610   Location: http://www.example.org/pub/WWW/People.html#tim 
    2611 </artwork></figure><figure><artwork type="example">  Location: /index.html 
    2612 </artwork></figure> 
     2613  Location: /pub/WWW/People.html#tim 
     2614</artwork> 
     2615<postamble>would result in a final value of "http://www.example.org/pub/WWW/People.html#tim"</postamble> 
     2616</figure> 
     2617<figure> 
     2618<preamble>An original URI "http://www.example.org/index.html#larry", combined with a field value given as:</preamble><!--DO NOT DARE changing the vertical spacing below, it's necessary this way for xml2rfc--> 
     2619<artwork type="example"> 
     2620  Location: http://www.example.net/index.html 
     2621</artwork> 
     2622<postamble>would result in a final value of "http://www.example.net/index.html#larry", preserving the original fragment identifier.</postamble> 
     2623</figure> 
    26132624<x:note> 
    26142625  <t> 
    26152626    <x:h>Note:</x:h> Some recipients attempt to recover from Location fields 
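Review bot: The new sentence at new lines 2605-2608 states fragment inheritance as plain fact ("then the original URI's fragment identifier is added to the final value") with no requirement keyword, while the neighbouring text on 3xx responses uses &SHOULD;. Say explicitly whether user agents are required to do this, and at what level. The first example's original URI ("http://www.example.org/~tim") carries no fragment, so it shows only relative-reference resolution; its preamble could say so, to set it apart from the second example, which is the one that exercises the new rule. The first postamble also lacks the closing period that the second one has.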
     
    26252636</t> 
    26262637<x:note> 
    26272638  <t> 
    2628     <x:h>Note:</x:h> This specification does not define precedence rules 
    2629     for the case where the original URI, as navigated to by the user 
    2630     agent, and the Location header field value both contain fragment 
    2631     identifiers. Thus be aware that including fragment identifiers might 
    2632     inconvenience anyone relying on the semantics of the original URI's 
    2633     fragment identifier. 
    2634   </t> 
    2635 </x:note> 
    2636 <x:note> 
    2637   <t> 
    26382639    <x:h>Note:</x:h> The Content-Location header field (&header-content-location;) differs 
    26392640    from Location in that the Content-Location identifies the most specific 
    26402641    resource corresponding to the enclosed representation. 
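Review bot: Removing the note at old lines 2626-2635 leaves the case where both the original URI and the Location value carry a fragment identifier covered only by implication, because the text added at new lines 2605-2608 handles just the case where "the final value does not" have one. If the intent is that the fragment in the Location value takes precedence, state that in one sentence next to the new rule, so that readers of the old text do not assume the behaviour is still undefined.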
     
    32833284</t> 
    32843285</section> 
    32853286 
    3286 <section title="Location Headers and Spoofing" anchor="location.spoofing"> 
     3287<section title="Location Header Fields and Spoofing" anchor="location.spoofing"> 
    32873288<t> 
    32883289   If a single server supports multiple organizations that do not trust 
    32893290   one another, then it &MUST; check the values of Location and Content-Location 
     
    32913292   said organizations to make sure that they do not attempt to 
    32923293   invalidate resources over which they have no authority. 
    32933294</t> 
     3295<t> 
     3296   Furthermore, appending the fragment identifier from one URI to another 
     3297   one obtained from a Location header field might leak confidential 
     3298   information to the target server &mdash; although the fragment identifier is 
     3299   not transmitted in the final request, it might be visible to the user agent 
     3300   through other means, such as scripting). 
     3301</t> 
    32943302</section> 
    32953303 
    32963304<section title="Security Considerations for CONNECT"> 
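Review bot: The added paragraph at new lines 3295-3301 ends with "such as scripting)." but never opens a parenthesis; either drop the ")" or open one after the dash. The clause "it might be visible to the user agent through other means" also reads oddly, since the stated risk is a leak "to the target server" and the user agent already holds the fragment. Consider naming who gains access, for example content delivered by the redirect target that can read the fragment through scripting.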
     
    46574665      "Requirements for user intervention during redirects" 
    46584666    </t> 
    46594667    <t> 
     4668      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/295"/>: 
     4669      "Applying original fragment to 'plain' redirected URI" 
     4670    </t> 
     4671    <t> 
    46604672      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/302"/>: 
    46614673      "Misplaced text on connection handling in p2" 
    46624674    </t>