From e33f7d2e227c032f13fc9df6a1a4f39a9d8a890e Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Thu, 5 Dec 2024 18:02:02 +0200 Subject: [PATCH] Clarify wording --- 5.0/en/0x21-V13-API.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/5.0/en/0x21-V13-API.md b/5.0/en/0x21-V13-API.md index b7f4f381ca..a6626f77a8 100644 --- a/5.0/en/0x21-V13-API.md +++ b/5.0/en/0x21-V13-API.md @@ -21,7 +21,7 @@ This is a placeholder for future documentation requirements. | **13.1.5** | [DELETED, INSUFFICIENT IMPACT] | | | | | | **13.1.6** | [MODIFIED, MOVED FROM 13.2.6, LEVEL L2 > L3] Verify that per-message digital signatures are used to provide additional assurance on top of transport protections for requests or transactions which are highly sensitive or which traverse a number of systems. | | | ✓ | 345 | | **13.1.7** | [MODIFIED, MOVED FROM 14.4.1] Verify that every HTTP response with a message body contains a Content-Type header field that matches the actual content of the response, including the charset parameter to specify safe character encoding (e.g., UTF-8, ISO-8859-1) according to IANA Media Types, such as "text/", "/+xml" and "/xml". | ✓ | ✓ | ✓ | 173 | -| **13.1.8** | [ADDED] Verify that HTTPS-based endpoints will respond to non-encrypted HTTP requests with either an error or no response. It must not respond with a redirect to the HTTPS endpoint to avoid clients accidentally sending data over plaintext HTTP, but this not being discovered due to an automatic redirect. | ✓ | ✓ | ✓ | | +| **13.1.8** | [ADDED] Verify that HTTPS-based endpoints will only respond to non-encrypted HTTP requests with an error or will not respond at all. Responding with an automatic redirect to the HTTPS endpoint may lead to clients accidentally sending data over non-encrypted HTTP, but this is not being discovered. | | ✓ | ✓ | | ## V13.2 Web Services