5. Security Considerations

5. Security Considerations

The "application/merge-patch+json" media type allows user agents to indicate their intention for the server to determine the specific set of change operations to be applied to a target resource. As such, it is the server's responsibility to determine the appropriateness of any given change as well as the user agent's authorization to request such changes. How such determinations are made is considered out of the scope of this specification.

All of the security considerations discussed in Section 5 of [RFC5789] apply to all uses of the HTTP PATCH method with the "application/merge-patch+json" media type.