W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2006

Re: Extension methods & XMLHttpRequest

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 12 Jun 2006 10:47:08 +0200
Message-ID: <448D2A0C.5060502@gmx.de>
To: Stefan Eissing <stefan.eissing@greenbytes.de>
CC: HTTP Working Group <ietf-http-wg@w3.org>

Stefan Eissing schrieb:
> ...
> What I mean is that XHR would have the following behavior:
> - Implement a "whitelist" of methods and uses which are known to be "safe"
> - For all methods outside of this, let XHR ask the server if it ok. For 
> example, let XHR send an OPTION request and look for an XHR-Allow 
> header, listing the methods allowed to XHR. (or whatever, the key is 
> that the server is in control)
> Seems to me that this approach puts server application developers in the 
> driver seat and lets browser developers stay safe by default, no matter 
> what future http will bring.

Can you give an example where a server that implements method X would 
return it in the "Allow" header, but not in the "XHR-Allow" header?

Regards, Julian
Received on Monday, 12 June 2006 09:13:57 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:39 UTC