Add security considerations from CORS.

solid · Jul 18, 2019 · 183b7c5 · 183b7c5
1 parent f9f297d
commit 183b7c5
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/main/security.bs b/main/security.bs
@@ -3,6 +3,33 @@ Security Considerations {#security}
 
 Issue: Write Security Considerations section.
 
+Solid data pods [disable all cross-origin protections](#cors-server) in browsers
+because resource access is governed explicitly by [Web Access Control](#wac).
+As such,
+data pods MUST NOT rely on cross-origin protection
+for shielding access to resources.
+While this ensures that unauthorized resource access will not occur,
+additional security measures MAY be needed
+to prevent metadata in error responses from leaking.
+For instance,
+a malicious app could probe multiple servers
+to check whether the response status code is `401` or `403`,
+or could try to access an error page
+from an intranet server within the user agent's private network
+to extract company names or other data.
+To mitigate this,
+when a request from an untrusted the `Origin` arrives,
+the data pod MAY set the status code of error responses to `404`
+and/or anonymize or censor their contents.
+
+A data pod MUST NOT assume that the user agent is a regular Web browser,
+even when requests contain familiar values
+in headers such as `User-Agent` or `Origin`.
+
+
 ## Privacy Considerations ## {#privacy}
 
 Issue: Write Privacy Considerations section.
+
+In order to prevent leakage of non-resource data,
+error responses SHOULD NOT contain identifiable information.