Stefan Eissing wrote:
> ...
> What I mean is that XHR would have the following behavior:
> - Implement a "whitelist" of methods and uses which are known to be "safe"
> - For all methods outside of this, let XHR ask the server if it is ok. For
>   example, let XHR send an OPTION request and look for an XHR-Allow
>   header, listing the methods allowed to XHR. (or whatever, the key is
>   that the server is in control)
>
> Seems to me that this approach puts server application developers in the
> driver seat and lets browser developers stay safe by default, no matter
> what future http will bring.

Can you give an example where a server that implements method X would return it in the "Allow" header, but not in the "XHR-Allow" header?

Regards, Julian

Received on Monday, 12 June 2006 09:13:57 GMT
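The gate proposed in the quoted text, sketched as an added example that is not part of the original message or of any browser's code. The whitelist contents (GET, HEAD, POST), the comma-separated syntax of `XHR-Allow`, and all function names are assumptions made for illustration.

```javascript
// Assumed whitelist: the thread does not say which methods count as "safe".
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);

// Parse a comma-separated method list, the syntax the HTTP Allow header uses.
// Assumption: the proposed XHR-Allow header would use the same syntax.
function parseMethodList(value) {
  if (typeof value !== "string") return new Set();
  return new Set(value.split(",").map((s) => s.trim()).filter((s) => s.length > 0));
}

// Decide whether a script may send `method` through XHR.
// `optionsHeaders` holds the headers of the server's OPTIONS response with
// lower-cased names, or null when no usable response came back.
function xhrMayUse(method, optionsHeaders) {
  // A method must be an HTTP token; anything else (CR/LF, spaces) is refused
  // before any list lookup.
  if (!/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(method)) {
    return { allowed: false, reason: "invalid-token" };
  }
  if (SAFE_METHODS.has(method)) return { allowed: true, reason: "whitelist" };
  // Default deny: no answer from the server means the method stays blocked.
  if (!optionsHeaders) return { allowed: false, reason: "no-preflight-response" };
  // Method names are case-sensitive, so the comparison is exact.
  if (parseMethodList(optionsHeaders["xhr-allow"]).has(method)) {
    return { allowed: true, reason: "xhr-allow" };
  }
  // The server implements the method but has not opened it to scripts:
  // the case where Allow and XHR-Allow differ.
  const inAllow = parseMethodList(optionsHeaders["allow"]).has(method);
  return { allowed: false, reason: inAllow ? "in-allow-only" : "not-listed" };
}

// Constructed sample response headers, not taken from any real server.
const sampleHeaders = { "allow": "GET, HEAD, PUT, DELETE", "xhr-allow": "PUT" };

function demo() {
  return ["GET", "PUT", "DELETE", "PROPFIND"].map(
    (m) => `${m}: ${xhrMayUse(m, sampleHeaders).reason}`
  );
}
console.log(demo().join("\n"));
```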