- From: Anne van Kesteren <annevk@opera.com>
- Date: Sun, 11 Jun 2006 10:34:39 +0200
- To: "HTTP Working Group" <ietf-http-wg@w3.org>
On Sun, 11 Jun 2006 04:48:29 +0200, Joe Gregorio <joe.gregorio@gmail.com> wrote: >> The W3C WebAPIs WG is attempting to standardize the XMLHttpRequest >> Javascript object[1], and part of that work involves deciding how to >> handle extension HTTP methods. >> >> Some of the WG is interested in establishing a "whitelist" of methods >> deemed safe at the time of publication of our spec, with the intent >> that all other methods would be disallowed. > > The 'white list' approach is similar to the approach taken > by HTML forms which allows only GET and POST and which > has been disastrous, impeding progress on full usage of HTTP and > hobbling other specs that came later that tried to use methods > beyond GET and POST such as WebDAV. Please don't use a white-list. The problem is that new methods (similar to TRACE and CONNECT) could be introduced which would require immediate patching to browsers. For these reasons, at least Opera and Internet Explorer 7 establish a white list at the moment. (Please don't copy me on replies, I'm already subscribed to the list.) -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Sunday, 11 June 2006 08:34:51 UTC