You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Servers must not locate the actual change password page at the change password url, per RFC8615 §1.1 Appropriate Use of Well-Known URIs.
In PR #17, the reference was updated from the obsolete RFC 5785 to the current RFC 8615, leaving the section reference unchanged. However, 8615 does not contain a section 1.1, nor does it contain any section directly addressing the appropriate use of well-known URIs.
The best reference I can find in 8615 to support this spec prohibiting servers from locating the resource itself at the well-known URI is section 1, in which the RFC implies that well-known URIs are for metadata (only?): the penultimate paragraph includes "Future specifications that need to define a resource for such metadata [...]".
In section 3:
In PR #17, the reference was updated from the obsolete RFC 5785 to the current RFC 8615, leaving the section reference unchanged. However, 8615 does not contain a section 1.1, nor does it contain any section directly addressing the appropriate use of well-known URIs.
The best reference I can find in 8615 to support this spec prohibiting servers from locating the resource itself at the well-known URI is section 1, in which the RFC implies that well-known URIs are for metadata (only?): the penultimate paragraph includes "Future specifications that need to define a resource for such metadata [...]".
See also issue #9.
The text was updated successfully, but these errors were encountered: