Refine assertions around 3xx redirect responses - closes w3c#246

benfrancis · Aug 31, 2022 · afe307e · afe307e
1 parent 7359f63
commit afe307e
Showing 1 changed file with 6 additions and 25 deletions.
diff --git a/index.html b/index.html
@@ -1796,31 +1796,12 @@ <h2>Errors</h2>
         </ul>
       </div>
       <p>
-        <span class="rfc2119-assertion" id="common-constraints-errors-3">
-          A Web Thing MUST NOT issue any 3xx status codes.</span>
-        <span class="rfc2119-assertion" id="common-constraints-errors-4">
-          A Consumer MAY treat all 3xx codes as errors that do not change the status or behavior
-          of the consumer.</span>
-      </p>
-      <p>
-        <span class="rfc2119-assertion" id="common-constraints-errors-5">
-          Web Things MAY respond with other valid HTTP error codes
-          (e.g. <code>418 I'm a teapot</code>).</span>
-        <span class="rfc2119-assertion" id="common-constraints-errors-6">
-          Consumers MAY interpret other valid HTTP error codes as a generic <code>4xx</code> or <code>5xx</code>
-          error with no special defined behaviour.</span>
-      </p>
-      <p class="ednote">
-        <!-- <span id="profile-5-2-4-thing-protocol-binding-error-responses-6"> -->
-        TODO: If we define the finite set of error responses as above then we
-        should also define what a Consumer should do if it receives a 3xx
-        redirect type response.
-        <!-- </span> -->
-      <p class="ednote">
-        It turns out 3xx redirection codes are used as part of some OAuth2 flows, so it may be
-        in appropriate to disallow them generally. See the "Security Bootstrapping" section of
-        WoT Discovery.
-      </p>
+        <span class="rfc2119-assertion" id="profile-5-2-4x-thing-protocol-binding-error-responses-2">
+          A Web Thing MAY respond with 3xx status codes for the purposes of
+          redirection, caching or authentication.</span>
+        <span class="rfc2119-assertion" id="profile-5-2-4x-thing-protocol-binding-error-responses-3">
+          A Web Thing MUST NOT respond with a <code>300 Multiple Choices</code>
+          status code.</span>
       </p>
       <p>
         <span class="rfc2119-assertion" id="common-constraints-errors-7">