The Creating Resources section says that a Location header SHOULD be sent on a 201 response.
But RFC 7231 § 6.3.2 says:
The primary resource created by the request is identified by either a Location header field in the response or, if no Location field is received, by the effective request URI.
A (hypothetical) implementation of this RFC 7231 text would infer the wrong URI from JSON API’s 201 response without Location.
Therefore, I think the requirement for Location should be elevated to a MUST to avoid confusing implementors. This is a backward-compatible change.
Edited to add: Maybe I got backward compatibility wrong. If you want every server compliant to 1.0 to also be compliant to 1.1, then that would break it. Then maybe just include a note along the lines of:
If you choose not to send
Locationwith a 201 response, you will violate RFC 7231 § 6.3.2.