Align prose about content in HEAD requests with description of GET (f…

…ixes #826)
httpwg · Apr 6, 2021 · 636356a · 636356a
1 parent 22efd1f
commit 636356a
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/draft-ietf-httpbis-semantics-latest.xml b/draft-ietf-httpbis-semantics-latest.xml
@@ -4634,9 +4634,12 @@ Content-Encoding: gzip
    sake of efficiency.
 </t>
 <t>
-   A content within a HEAD request message has no defined semantics;
-   sending content in a HEAD request might cause some existing
-   implementations to reject the request.
+   A client &SHOULD-NOT; generate content in a HEAD
+   request. Content received in a HEAD request has no defined semantics,
+   cannot alter the meaning or target of the request, and might lead some
+   implementations to reject the request and close the connection because of
+   its potential as a request smuggling attack
+   (<xref target="request.smuggling"/>).
 </t>
 <t>
    The response to a HEAD request is cacheable; a cache &MAY; use it to
@@ -13050,8 +13053,8 @@ Content-Type: text/plain
    (<xref target="idempotent.methods"/>)
 </t>
 <t>
-   Clarified that request bodies on GET and DELETE are not interoperable.
-   (<xref target="GET"/>, <xref target="DELETE"/>)
+   Clarified that request bodies on GET, HEAD, and DELETE are not interoperable.
+   (<xref target="GET"/>, <xref target="HEAD"/>, <xref target="DELETE"/>)
 </t>
 <t>
    Allowed use of the <x:ref>Content-Range</x:ref> header field
@@ -13524,6 +13527,7 @@ Content-Type: text/plain
 
 <section title="Since draft-ietf-httpbis-semantics-15" anchor="changes.since.15">
 <ul x:when-empty="None yet.">
+  <li>In <xref target="HEAD"/>, align prose about content in HEAD requests with description of GET (<eref target="https://github.com/httpwg/http-core/issues/826"/>)</li>
 </ul>
 </section>
 </section>