-
Notifications
You must be signed in to change notification settings - Fork 146
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
query: add CORS consirations (fixes #2898)
- Loading branch information
Showing
1 changed file
with
17 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -482,9 +482,8 @@ Dubois, Camille, [email protected] | |
| considerations as all HTTP methods as described in | ||
| <xref target="HTTP"/>. | ||
| </t> | ||
|
|
||
| <t> | ||
| The QUERY method can be used as an alternative to passing request | ||
| It can be used as an alternative to passing request | ||
| information in the URI (e.g., in the query section). This is preferred in some | ||
| cases, as the URI is more likely to be logged or otherwise processed | ||
| by intermediaries than the request content. | ||
|
|
@@ -494,6 +493,13 @@ Dubois, Camille, [email protected] | |
| resource &SHOULD; be chosen such that it does not include any sensitive | ||
| portions of the original request content. | ||
| </t> | ||
| <t> | ||
| A QUERY request from user agents implementing CORS (Cross-Origin Resource Sharing) | ||
| will require a "preflight" request, | ||
| as QUERY does not belong to the set of CORS-safelisted methods | ||
| (see "<eref target="https://fetch.spec.whatwg.org/#methods">Methods</eref>" in | ||
| <xref target="FETCH"/>). | ||
| </t> | ||
| </section> | ||
|
|
||
| <section title="IANA Considerations" anchor="iana.considerations"> | ||
|
|
@@ -580,6 +586,14 @@ Dubois, Camille, [email protected] | |
| <seriesInfo name="RFC" value="9111"/> | ||
| </reference> | ||
| </references> | ||
| <references title="Informative References"> | ||
| <reference anchor="FETCH" target="https://fetch.spec.whatwg.org"> | ||
| <front> | ||
| <title>FETCH</title> | ||
| <author><organization>WHATWG</organization></author> | ||
| </front> | ||
| </reference> | ||
| </references> | ||
|
|
||
| <section title="Change Log" anchor="change.log" removeInRFC="true"> | ||
| <section title="Since draft-ietf-httpbis-safe-method-w-body-00" anchor="changes.since.00"> | ||
|
|
@@ -624,6 +638,7 @@ Dubois, Camille, [email protected] | |
| <li>Updated language and examples about redirects and method rewriting (<eref target="https://github.com/httpwg/http-extensions/issues/1917"/>)</li> | ||
| <li>Add QUERY example to introduction (<eref target="https://github.com/httpwg/http-extensions/issues/2171"/>)</li> | ||
| <li>Update "Sensitive information in QUERY URLs" (<eref target="https://github.com/httpwg/http-extensions/issues/2853"/>)</li> | ||
| <li>Add CORS considerations (<eref target="https://github.com/httpwg/http-extensions/issues/2898"/>)</li> | ||
| <li>Field registration for "Accept-Query" (<eref target="https://github.com/httpwg/http-extensions/issues/2903"/>)</li> | ||
| </ul> | ||
| </section> | ||
|
|
||