W3C home > Mailing lists > Public > public-appformats@w3.org > September 2007

Re: Request for Comments on Enabling Read Access for Web Resources

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 27 Sep 2007 13:34:10 +0200
To: "Jonas Sicking" <jonas@sicking.cc>, "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.tza828ph64w2qv@annevk-t60.oslo.opera.com> 

On Thu, 20 Sep 2007 20:21:25 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
>> http://dev.w3.org/2006/waf/access-control/Overview.html#security
>
> We might want to mention that implementations should not allow other  
> methods than GET, and not allow the user to specify username/password or  
> http-headers in conjunction with this, without taking extra precaution  
> to make sure that that is safe. I.e. XHR2 will allow other methods than  
> GET, but only if the server opts-in to it.

Added.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Thursday, 27 September 2007 11:34:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:22 GMT