dotnet · dotnet-policy-service · Mar 27, 2025 · Aug 17, 2024 · Mar 26, 2025 · Mar 26, 2025
diff --git a/xml/System.Net.Http/HttpClientHandler.xml b/xml/System.Net.Http/HttpClientHandler.xml
@@ -138,8 +138,8 @@
  If you are using cookies by specifically adding them to the <xref:System.Net.Http.HttpRequestMessage.Headers> collection, these are not cleared when a redirect is followed, as the handler has no way of knowing what domain a cookie is allowed for. If you want to mimic browser behavior, use the <xref:System.Net.CookieContainer> class which allows you to specify the target domain for a cookie.
 
 > [!NOTE]
->  With <xref:System.Net.Http.HttpClientHandler.AllowAutoRedirect%2A> set to `true`, the .NET Framework will follow redirections even when being redirected to an HTTP URI from an HTTPS URI.
-.NET Core versions 1.0, 1.1 and 2.0 will not follow a redirection from HTTPS to HTTP even if <xref:System.Net.Http.HttpClientHandler.AllowAutoRedirect%2A> is set to `true`.
+> On .NET Core and .NET 5 and later versions, setting <xref:System.Net.Http.HttpClientHandler.AllowAutoRedirect> to `true` **does not enable** automatic redirection to an HTTP URI from an HTTPS URI.
+> Such (secure to insecure) redirections are only followed on .NET Framework.
 
  ]]></format>
         </remarks>

diff --git a/xml/System.Runtime.CompilerServices/UnsafeAccessorAttribute.xml b/xml/System.Runtime.CompilerServices/UnsafeAccessorAttribute.xml
@@ -44,7 +44,7 @@ The first argument must be passed as `ref` for instance fields and methods on st
 
 The value of the first argument is not used by the implementation for `static` fields and methods and can be `null`.
 
-The return value for an accessor to a field can be `ref` if setting of the field is desired.
+The return value for an accessor to a field must be passed as `ref`.
 
 Constructors can be accessed using <xref:System.Runtime.CompilerServices.UnsafeAccessorKind.Constructor> or <xref:System.Runtime.CompilerServices.UnsafeAccessorKind.Method>.