oauth-wg / oauth-v2-1

OAuth 2.1 is a consolidation of the core OAuth 2.0 specs
https://oauth.net/2.1/

HTTP 307. duplicate normative statements #116

Closed ioggstream closed 1 year ago

ioggstream commented 2 years ago

I expect

An AS which redirects a request that potentially contains user
credentials MUST NOT use the 307 status code (see {{Section 15.4.8 of RFC9110}}) for
redirection.

The RECOMMENDED status code for HTTP redirects is 303.

...

Instead

If an HTTP redirection (and not, for example,
JavaScript) is used for such a request, AS SHOULD use the status
code 303 "See Other".
...
Therefore, the RECOMMENDED status code for HTTP redirects is 303.