From 636356a1d184c091c20a86d9f4a78fc7b5221d2f Mon Sep 17 00:00:00 2001 From: Julian Reschke Date: Tue, 6 Apr 2021 13:25:25 +0100 Subject: [PATCH] Align prose about content in HEAD requests with description of GET (fixes #826) --- draft-ietf-httpbis-semantics-latest.xml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/draft-ietf-httpbis-semantics-latest.xml b/draft-ietf-httpbis-semantics-latest.xml index f7cb84cce..b3aa5fd96 100644 --- a/draft-ietf-httpbis-semantics-latest.xml +++ b/draft-ietf-httpbis-semantics-latest.xml @@ -4634,9 +4634,12 @@ Content-Encoding: gzip sake of efficiency. - A content within a HEAD request message has no defined semantics; - sending content in a HEAD request might cause some existing - implementations to reject the request. + A client &SHOULD-NOT; generate content in a HEAD + request. Content received in a HEAD request has no defined semantics, + cannot alter the meaning or target of the request, and might lead some + implementations to reject the request and close the connection because of + its potential as a request smuggling attack + (). The response to a HEAD request is cacheable; a cache &MAY; use it to @@ -13050,8 +13053,8 @@ Content-Type: text/plain () - Clarified that request bodies on GET and DELETE are not interoperable. - (, ) + Clarified that request bodies on GET, HEAD, and DELETE are not interoperable. + (, , ) Allowed use of the Content-Range header field @@ -13524,6 +13527,7 @@ Content-Type: text/plain
    +
  • In , align prose about content in HEAD requests with description of GET ()
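Review bot: In the first hunk (the HEAD paragraph at -4634), the new sentence says content received in a HEAD request "cannot alter the meaning or target of the request" but gives no guidance for a recipient that chooses not to reject it. Such a recipient still has to consume the content according to the message framing before it reads the next request on the connection, otherwise the leftover bytes are exactly the request smuggling exposure the sentence names. Suggest either adding a short clause to that effect, or confirming that the section targeted by the cross-reference after "request smuggling attack" states it, so the paragraph does not read as permission to ignore the bytes entirely. It would also help to say "reject the request and/or close the connection" only if both outcomes are intended together; as written, "reject the request and close the connection" implies the two always go together.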
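Review bot: In the second hunk (the changes list at -13050), the entry still says "Clarified that request bodies on GET, HEAD, and DELETE are not interoperable", but for HEAD this patch does more than clarify: the first hunk introduces a new client requirement ("A client &SHOULD-NOT; generate content in a HEAD request"). Suggest wording the entry so implementers scanning the change list see that a requirement level was added for HEAD. The entry also says "request bodies" while the normative paragraph it summarizes says "content"; using the same term in both places would avoid readers wondering whether a distinction is meant.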