-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refine assertions around 3xx redirect responses #246
Comments
Note that the assertions in WoT Discovery are in the context of security bootstrapping, which is about getting access to the Thing Description itself, rather than the endpoints described in Forms necessarily. However, the same conflict could equally apply to any Thing which uses the It's possible there may be other use cases for 3xx responses too, such as the one I described in #194. |
Arch call on July 20th: |
Another valid use case of 3xx responses is redirects which strip a trailing slash from a URL, e.g. from |
Refine assertions around 3xx redirect responses - closes #246
PR #194 added an assertion to section 7.2.8.3 Error Responses which disallows 3xx redirect responses by Web Things in order to close issue #151.
Disallowing 3xx responses altogether may conflict with assertions in section 7.1.2 Security Bootstrapping the WoT Discovery specification which defines circumstances under which 302 and 303 responses MUST be used.
I see that an Editor's Note was already added by @mmccool in 93ac9b4 which highlights this potential conflict, but I couldn't fine an issue tracking it, which is why I've filed this one.
Note that there's also an editor's note I previously added about 3xx redirect responses which will also need removing once this is resolved.
The text was updated successfully, but these errors were encountered: