From 005b00f532a5f78ea63ca9b145ea6ce98de0792f Mon Sep 17 00:00:00 2001
From: Sarven Capadisli <info@csarven.ca>
Date: Fri, 31 May 2024 13:04:09 +0200
Subject: [PATCH 1/2] Add advisement on applicability of security policy based
 on authentication state and resource semantics

Co-authored-by: Virginia Balseiro <info@virginiabalseiro.com>
---
 index.bs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/index.bs b/index.bs
index de21d44..d8a3ea9 100644
--- a/index.bs
+++ b/index.bs
@@ -115,6 +115,8 @@ The attacker writes a malicious `text/html` file to the server. Depending on the
 
 Servers are strongly encouraged to consider the countermeasures in the context of the use cases they want to enable or disable on a given storage. For instance, using `Content-Security-Policy: sandbox` will universally prohibit various functionalities for applications, including but not limited to accessing local storage, executing scripts, using forms, interacting with plugins, or including external content. This broad range of restrictions may not be desirable for various categories of applications that rely on client-side storage mechanisms, collaborative features, or dynamic content interaction.
 
+Servers are encouraged to check the applicability of security policies based on user's authentication state as well as resource semantics. Some attacks might only be applicable for authenticated requests, so restricting functionalities could unnecessarily prevent non-affected users from using certain features.
+
 ### Countermeasures ### {#serving-user-created-files-countermeasures}
 
 * Servers are encouraged to apply security measures when serving user-created files.

From 29b8326f0f420837b9ee248e9f3e2c71eff99176 Mon Sep 17 00:00:00 2001
From: Sarven Capadisli <info@csarven.ca>
Date: Wed, 5 Jun 2024 11:57:39 +0200
Subject: [PATCH 2/2] Update index.bs

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
---
 index.bs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.bs b/index.bs
index d8a3ea9..acdc1d5 100644
--- a/index.bs
+++ b/index.bs
@@ -115,7 +115,7 @@ The attacker writes a malicious `text/html` file to the server. Depending on the
 
 Servers are strongly encouraged to consider the countermeasures in the context of the use cases they want to enable or disable on a given storage. For instance, using `Content-Security-Policy: sandbox` will universally prohibit various functionalities for applications, including but not limited to accessing local storage, executing scripts, using forms, interacting with plugins, or including external content. This broad range of restrictions may not be desirable for various categories of applications that rely on client-side storage mechanisms, collaborative features, or dynamic content interaction.
 
-Servers are encouraged to check the applicability of security policies based on user's authentication state as well as resource semantics. Some attacks might only be applicable for authenticated requests, so restricting functionalities could unnecessarily prevent non-affected users from using certain features.
+Servers are encouraged to check the applicability of security policies based on the user's authentication state as well as resource semantics. Some attacks might only be applicable for authenticated requests, so functionality restrictions could unnecessarily prevent non-affected users from using certain features.
 
 ### Countermeasures ### {#serving-user-created-files-countermeasures}