fre 2007-03-09 klockan 00:02 +1300 skrev Adrien de Croy: > I'm not sure how comfortable I would be typing my username and password > into a form, and then having my browser automatically sending that > information off to another site without my knowledge because the site > sent back a 307. And the specs do not allow it without user confirmation. This security blanked has always been in the specs regarding automatic redirection, only allowing it to take place for GET/HEAD requests without user confirmation. Even the HTTP/1.0 specs has this security restriction. Regards HenrikReceived on Thursday, 8 March 2007 22:56:42 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 6 June 2008 08:04:30 GMT