Commit

deploy: 054e000
csarven committed May 31, 2024
1 parent 1e1c022 commit 8f43514
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions index.html
Expand Up @@ -8,7 +8,7 @@
<meta content="Bikeshed version 82ce88815, updated Thu Sep 7 16:33:55 2023 -0700" name="generator">
<link href="https://solid.github.io/security-bp/" rel="canonical">
<link href="https://solidproject.org/TR/solid.svg" rel="icon">
<meta content="a76624cbdc1f87c8a7ceb68288fc9195cb4e9885" name="document-revision">
<meta content="054e000f3e322cb8a9f667c040c4c2512ad94949" name="document-revision">
<style>/* Boilerplate: style-autolinks */
.css.css, .property.property, .descriptor.descriptor {
color: var(--a-normal-text);
Expand Down Expand Up @@ -413,7 +413,7 @@
<div class="head">
<p data-fill-with="logo"><a class="logo" href="https://solidproject.org/TR/"> <img alt="Solid" src="https://solid.github.io/solid-oidc/solid.svg" width="72"> </a> </p>
<h1 class="p-name no-ref" id="title">Solid Security Considerations</h1>
<p id="w3c-state"><a href="https://www.w3.org/standards/types#CG-DRAFT">Draft Community Group Report</a>, <time class="dt-updated" datetime="2024-05-28">28 May 2024</time></p>
<p id="w3c-state"><a href="https://www.w3.org/standards/types#CG-DRAFT">Draft Community Group Report</a>, <time class="dt-updated" datetime="2024-05-31">31 May 2024</time></p>
<details open>
<summary>More details about this document</summary>
<div data-fill-with="spec-metadata">
Expand All @@ -425,7 +425,7 @@ <h1 class="p-name no-ref" id="title">Solid Security Considerations</h1>
<dt>Created:
<dd>Feb 20, 2024
<dt>Modified:
<dd>28 May 2024
<dd>31 May 2024
<dt>Issue Tracking:
<dd><a href="https://github.com/solid/security-bp/issues/">GitHub</a>
<dt class="editor">Editor:
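Review bot: The date formats in this metadata list are inconsistent: the Created entry reads "Feb 20, 2024" while the updated Modified entry reads "31 May 2024", which also matches the dt-updated time element in the previous hunk. Consider using one format for both entries so the two dates can be compared at a glance. The generator meta shows this file is Bikeshed output, so the change belongs in the source metadata rather than in index.html.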
Expand Down Expand Up @@ -547,6 +547,7 @@ <h5 class="heading settled" data-level="1.2.2.2" id="attack①"><span class="sec
</ol>
<h3 class="heading settled" data-level="1.3" id="considerations"><span class="secno">1.3. </span><span class="content">Considerations</span><a class="self-link" href="#considerations"></a></h3>
<p>Servers are strongly encouraged to consider the countermeasures in the context of the use cases they want to enable or disable on a given storage. For instance, using <code>Content-Security-Policy: sandbox</code> will universally prohibit various functionalities for applications, including but not limited to accessing local storage, executing scripts, using forms, interacting with plugins, or including external content. This broad range of restrictions may not be desirable for various categories of applications that rely on client-side storage mechanisms, collaborative features, or dynamic content interaction.</p>
<p>Servers are encouraged to check the applicability of security policies based on user’s authentication state as well as resource semantics. Some attacks might only be applicable for authenticated requests, so restricting functionalities could unnecessarily prevent non-affected users from using certain features.</p>
<h4 class="heading settled" data-level="1.3.1" id="serving-user-created-files-countermeasures"><span class="secno">1.3.1. </span><span class="content">Countermeasures</span><a class="self-link" href="#serving-user-created-files-countermeasures"></a></h4>
<ul>
<li data-md>
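Review bot: In the paragraph added under 1.3 Considerations, "based on user’s authentication state" is missing an article ("the user’s authentication state"), and the guidance stays abstract. It does not say which of the attacks described earlier apply only to authenticated requests, which restrictions a server could relax for unauthenticated ones, or what "resource semantics" covers. Consider naming at least one concrete case, for example in terms of the Content-Security-Policy: sandbox header from the preceding paragraph, so implementers can tell when a conditional policy is appropriate. Since the generator meta shows index.html is Bikeshed output, the wording change belongs in the source document.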