Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

should or SHOULD #2981

Closed
sbingler opened this issue Jan 28, 2025 · 2 comments · Fixed by #2985
Closed

should or SHOULD #2981

sbingler opened this issue Jan 28, 2025 · 2 comments · Fixed by #2985
Assignees
@mikewest
Labels
6265bis

Comments

@sbingler
Copy link
Collaborator

Comment by @fpalombini

Section 5.6.7.1:

When possible, developers should use a session management mechanism such as that described in Section 8.8.2 to mitigate the risk of CSRF more completely.

Is this a should or a BCP14 SHOULD?
@sbingler
Copy link
Collaborator Author

@mikewest I expect this is a non-BCP14 "should" but since you wrote the section can you confirm?

@mikewest
Copy link
Member

It's more of an RFC6919 "OUGHT TO", really. :)

We could reframe this to "Developers can more completely mitigate CSRF through a ..." without losing any meaning.

@mikewest mikewest mentioned this issue Jan 29, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mikewest mikewest

Labels
6265bis
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[RFC6265bis] Editorial: drop a non-normative "should". httpwg/http-extensions
2 participants
@mikewest @sbingler