diff --git a/change-password-url.html b/change-password-url.html index d0f7696..a659f8c 100644 --- a/change-password-url.html +++ b/change-password-url.html @@ -5,12 +5,10 @@
Copyright © 2022 W3C® (MIT, ERCIM, Keio, Beihang). W3C liability, trademark and permissive document license rules apply.
+Copyright © 2024 World Wide Web Consortium. W3C® liability, trademark and permissive document license rules apply.
This document is governed by the 2 November 2021 W3C Process Document.
+This document is governed by the 03 November 2023 W3C Process Document.
This specification depends on the Infra Standard. [INFRA]
+This specification depends on the Infra Standard. [INFRA]
This specification uses terminology from the Fetch, HTML, HTTP, and -URL standards. [FETCH] [HTML] [HTTP-SEMANTICS] [URL]
+URL standards. [FETCH] [HTML] [HTTP-SEMANTICS] [URL]A change password url of an origin is a URL that points to a resource that clients can use to discover where a user should go to update their password on origin.
Given an origin, clients generate a change password url by running these steps:
@@ -561,19 +626,19 @@If origin is not a potentially trustworthy origin, return failure.
Assert: origin is a tuple origin.
+Assert: origin is a tuple origin.
Let url be a new URL
with values set as follows:
origin’s scheme
+origin’s scheme
origin’s host
+origin’s host
origin’s port
+origin’s port
« ".well-known", "change-password" ».
@@ -582,17 +647,17 @@Return url.
The change password url for origin "https://example.com/"
is "https://example.com/.well-known/change-password"
.
Servers should redirect HTTP requests for an origin’s change password url to the actual page on which users may change their password by returning a response with a redirect status of 302, 303, or 307, and a Location header. [FETCH] [HTTP-SEMANTICS] Clients must handle such redirects when requesting a change password url.
-Note: The above paragraph restricts servers to using temporary redirect codes. +
Servers should redirect HTTP requests for an origin’s change password url to the actual page on which users may change their password by returning a response with a redirect status of 302, 303, or 307, and a Location header. [FETCH] [HTTP-SEMANTICS] Clients must handle such redirects when requesting a change password url.
+Note: The above paragraph restricts servers to using temporary redirect codes. See Issue 13.
-If necessary, servers may respond with an HTML document containing an http-equiv
pragma directive in the refresh state. [HTML] Clients should handle such redirects when requesting a change password url.
If necessary, servers may respond with an HTML document containing an http-equiv
pragma directive in the refresh state. [HTML] Clients should handle such redirects when requesting a change password url.
Servers must not locate the actual change password page at the change password url, per RFC8615 §1.1 Appropriate Use of Well-Known URIs. Clients must handle ok status responses when requesting a change password url.
-Note: Implementations might want to use ToUnicode when displaying change password urls. [IDNA]
-Make use of test the reliability of an origin’s response status codes from [RESPONSE-CODE-RELIABILITY].
+Note: Implementations might want to use ToUnicode when displaying change password urls. [IDNA]
+Make use of test the reliability of an origin’s response status codes from [RESPONSE-CODE-RELIABILITY].
change-password
well-known URIThis document defines the “.well-known
” URI change-password
.
-This registration will be submitted to the IESG for review, approval, and registration with IANA using the template defined in [WELL-KNOWN] as follows:
Examples in this specification are introduced with the words “for example”
or are set apart from the normative text
with class="example"
,
@@ -648,20 +713,22 @@
Note, this is an informative note.
-Requirements phrased in the imperative as part of algorithms
+ Requirements phrased in the imperative as part of algorithms
(such as "strip any leading space characters"
or "return false and abort these steps")
are to be interpreted with the meaning of the key word
("must", "should", "may", etc)
used in introducing the algorithm. Conformance requirements phrased as algorithms or specific steps
+ Conformance requirements phrased as algorithms or specific steps
can be implemented in any manner,
so long as the end result is equivalent.
In particular, the algorithms defined in this specification
are intended to be easy to understand
and are not intended to be performant.
Implementers are encouraged to optimize. Conformant Algorithms
+