W3C home > Mailing lists > Public > public-appformats@w3.org > February 2008

Re: review of http://dev.w3.org/2006/waf/access-control/#requirements

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 06 Feb 2008 12:03:43 +0100
To: "Jonas Sicking" <jonas@sicking.cc>, "Mark Nottingham" <mnot@yahoo-inc.com>, "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.t53noh0i64w2qv@annevk-t60.oslo.opera.com> 

On Wed, 06 Feb 2008 02:43:14 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
> Mark Nottingham wrote:
>>  Comments:
>>  * "It should not be possible to perform cross-site non-safe  
>> operations, i.e., HTTP operations except for GET, HEAD, and OPTIONS,  
>> without a method check requestbeing performed." -- this specifies a  
>> solution in the requirements.
>
> I agree the link should be removed. And I guess saying "without first  
> checking that the server is ok with this" might be more generic wording?

I changed it to "authorization check". I believe it was something like  
that originally and it seems that my copy & paste action for rewording the  
preflight request was a bit too aggrasive. I've fixed that now.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Wednesday, 6 February 2008 11:00:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 6 February 2008 11:00:40 GMT