W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2006

Extension methods & XMLHttpRequest

From: Mark Baker <distobj@acm.org>
Date: Sat, 10 Jun 2006 00:50:06 -0400
Message-ID: <c70bc85d0606092150m4443fbfp38ab18cf612d6a03@mail.gmail.com>
To: "HTTP Working Group" <ietf-http-wg@w3.org>

Folks,

The W3C WebAPIs WG is attempting to standardize the XMLHttpRequest
Javascript object[1], and part of that work involves deciding how to
handle extension HTTP methods.

Some of the WG is interested in establishing a "whitelist" of methods
deemed safe at the time of publication of our spec, with the intent
that all other methods would be disallowed.  Others would prefer a
"blacklist", whereby we specify that methods known to be a security
problem (in the context of the use of XHR, e.g. CONNECT) not be used,
but that unknown methods be allowed.

We would be interested to know what the HTTP community would recommend.

Thanks.

 [1] http://www.w3.org/TR/XMLHttpRequest/

Mark.
Received on Saturday, 10 June 2006 04:50:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:44 GMT