From 6bd3ac0fe93d3908db23c1bc61382aa72df174bf Mon Sep 17 00:00:00 2001
From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
Date: Fri, 18 Oct 2024 00:25:21 +0200
Subject: [PATCH] Redirects

- resolves oasis-tcs/csaf#798
- add sentence about max redirects
---
 csaf_2.1/prose/edit/src/distributing.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/csaf_2.1/prose/edit/src/distributing.md b/csaf_2.1/prose/edit/src/distributing.md
index 954498e5..6846e9a0 100644
--- a/csaf_2.1/prose/edit/src/distributing.md
+++ b/csaf_2.1/prose/edit/src/distributing.md
@@ -50,6 +50,8 @@ Redirects SHOULD NOT be used. If they are inevitable only HTTP Header redirects
 
 > Reasoning: Clients should not parse the payload for navigation and some, as e.g. `curl`, do not follow any other kind of redirects.
 
+If any redirects are used, there SHOULD not be more than 5 and MUST NOT be more than 10 consecutive redirects.
+
 ### Requirement 7: provider-metadata.json
 
 The party MUST provide a valid `provider-metadata.json` according to the schema