On Oct 15, 2007, at 22:29, Ian Hickson wrote: > We can't use OPTIONS because Apache returns > > Allow: GET,HEAD,POST,OPTIONS,TRACE > > ...by default, which would basically mean that out of the box, any > resource that support cross-site GET would automatically support > cross-site POST. This could be remedied by using a newly named header in the OPTIONS response (e.g. Method-Allow). As a further benefit, introducing new headers would allow the caching outlined in Anne's message. > Also, OPTIONS doesn't return a body, which is useful to authors who > want > to include the cross-domain rights in XML PIs rather than HTTP > headers. Do bad things happen if you do return an entity body in an OPTIONS response? Moreover, what's the point of using PIs if you have control over HTTP headers? -- Henri Sivonen hsivonen@iki.fi http://hsivonen.iki.fi/Received on Tuesday, 16 October 2007 11:39:24 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:22 GMT