Skip to content

Commit

Permalink
[optimistic-upgrade] Recommend GET for future Upgrade Tokens
Browse files Browse the repository at this point in the history
Fixes #2738
  • Loading branch information
bemasc committed Jul 11, 2024
1 parent d51a203 commit 4c27424
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions draft-ietf-httpbis-optimistic-upgrade.md
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,12 @@ There are now several good examples of designs that prevent the security concern

Future specifications for Upgrade Tokens MUST account for the security issues discussed here and provide clear guidance on how clients can avoid them.

## Use of Request Bodies with Upgrade

With the deprecations noted in this document, all remaining HTTP Upgrade Tokens apply only to GET requests with an empty body. While HTTP Upgrade is well-defined for requests using any HTTP method, with or without a request body, implementation of Upgrade with a request body may be more difficult.

Future specifications for Upgrade Tokens SHOULD restrict their usage to GET requests if possible, for consistency and simplicity.

# IANA Considerations

This document requests the following modifications to the Hypertext Transfer Protocol (HTTP) Upgrade Token Registry:
Expand Down

0 comments on commit 4c27424

Please sign in to comment.