Moving query parameters from the request URI to the request body improves overall security, given that the request URI is often cached, stored, logged and otherwise potentially disclosed by intermediary systems. As a result, if PII or other sensitive information is included in the query section of a URI, it is at a higher risk when compared to when it is included in the request body.
A description of this advantage may be worth including.
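An added illustration of the point above, not part of the original issue or of any specification text: an audit over constructed access-log lines that reports which request parameters are readable from the log. The method name `QUERY`, the `/contacts` endpoint, the log format and the list of sensitive parameter names are all assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines in Common Log Format (not from the original thread).
# The second request is assumed to carry the same parameters in its body,
# which a request-line log never records.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2022:10:00:00 +0000] "GET /contacts?email=alice%40example.org&limit=10 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jan/2022:10:00:05 +0000] "QUERY /contacts HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2022:10:00:09 +0000] "GET /health HTTP/1.1" 200 2',
]

# Assumed list of parameter names treated as sensitive; adjust per application.
SENSITIVE_KEYS = {"email", "ssn", "token", "password", "phone"}

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def logged_parameters(line):
    """Return (method, path, params) exactly as visible to anyone reading the log."""
    m = REQUEST_RE.search(line)
    if m is None:
        return None
    parts = urlsplit(m.group("target"))
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    return m.group("method"), parts.path, params


def sensitive_exposures(lines):
    """List (method, path, key) for each sensitive query parameter stored in the log."""
    hits = []
    for line in lines:
        parsed = logged_parameters(line)
        if parsed is None:
            continue
        method, path, params = parsed
        hits.extend((method, path, k) for k in sorted(params)
                    if k.lower() in SENSITIVE_KEYS)
    return hits


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(logged_parameters(entry))
    print("sensitive values at rest in the log:", sensitive_exposures(SAMPLE_LOG))
```

The body-carrying request leaves only its method and path in the log, which is the disclosure reduction described above and also the loss of request detail that log-based debugging relies on.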
The security advantage mentioned here could also be viewed as a debug/development drawback because the server most of the time logs URLs to have some insights on what was requested by the 'client'.
Related to the discussion in #1909. I agree with @candoumbe that if any advice is given, some pros and cons of both alternatives should probably be enumerated.
David Slik (https://lists.w3.org/Archives/Public/ietf-http-wg/2022JanMar/0081.html):