W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2006

Re: Extension methods & XMLHttpRequest

From: Anne van Kesteren <annevk@opera.com>
Date: Sun, 11 Jun 2006 10:34:39 +0200
To: "HTTP Working Group" <ietf-http-wg@w3.org>
Message-ID: <op.tay3f1mf64w2qv@id-c0020.oslo.opera.com>

On Sun, 11 Jun 2006 04:48:29 +0200, Joe Gregorio <joe.gregorio@gmail.com>  
wrote:
>> The W3C WebAPIs WG is attempting to standardize the XMLHttpRequest
>> Javascript object[1], and part of that work involves deciding how to
>> handle extension HTTP methods.
>>
>> Some of the WG is interested in establishing a "whitelist" of methods
>> deemed safe at the time of publication of our spec, with the intent
>> that all other methods would be disallowed.
>
> The 'white list' approach is similar to the approach taken
> by HTML forms which allows only GET and POST and which
> has been disastrous, impeding progress on full usage of HTTP and
> hobbling other specs that came later that tried to use methods
> beyond GET and POST such as WebDAV. Please don't use a white-list.

The problem is that new methods (similar to TRACE and CONNECT) could be  
introduced which would require immediate patching to browsers. For these  
reasons, at least Opera and Internet Explorer 7 establish a white list at  
the moment.

(Please don't copy me on replies, I'm already subscribed to the list.)


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Sunday, 11 June 2006 08:34:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:44 GMT