Skip to content

Commit

Permalink
Add no redirect to HTTPS to resolve #2416 (#2432)
Browse files Browse the repository at this point in the history
  • Loading branch information
tghosth authored Dec 5, 2024
1 parent 41f7d9a commit 66da30f
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions 5.0/en/0x21-V13-API.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ This is a placeholder for future documentation requirements.
| **13.1.5** | [DELETED, INSUFFICIENT IMPACT] | | | | |
| **13.1.6** | [MODIFIED, MOVED FROM 13.2.6, LEVEL L2 > L3] Verify that per-message digital signatures are used to provide additional assurance on top of transport protections for requests or transactions which are highly sensitive or which traverse a number of systems. | | || 345 |
| **13.1.7** | [MODIFIED, MOVED FROM 14.4.1] Verify that every HTTP response with a message body contains a Content-Type header field that matches the actual content of the response, including the charset parameter to specify safe character encoding (e.g., UTF-8, ISO-8859-1) according to IANA Media Types, such as "text/", "/+xml" and "/xml". |||| 173 |
| **13.1.8** | [ADDED] Verify that HTTPS-based endpoints will only respond to non-encrypted HTTP requests with an error or will not respond at all. Responding with an automatic redirect to the HTTPS endpoint may lead to clients accidentally sending data over non-encrypted HTTP, but this is not being discovered. | ||| |

## V13.2 Web Services

Expand Down

0 comments on commit 66da30f

Please sign in to comment.