- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 06 Feb 2008 12:03:43 +0100
- To: "Jonas Sicking" <jonas@sicking.cc>, "Mark Nottingham" <mnot@yahoo-inc.com>, "WAF WG (public)" <public-appformats@w3.org>
On Wed, 06 Feb 2008 02:43:14 +0100, Jonas Sicking <jonas@sicking.cc> wrote: > Mark Nottingham wrote: >> Comments: >> * "It should not be possible to perform cross-site non-safe >> operations, i.e., HTTP operations except for GET, HEAD, and OPTIONS, >> without a method check requestbeing performed." -- this specifies a >> solution in the requirements. > > I agree the link should be removed. And I guess saying "without first > checking that the server is ok with this" might be more generic wording? I changed it to "authorization check". I believe it was something like that originally and it seems that my copy & paste action for rewording the preflight request was a bit too aggrasive. I've fixed that now. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Wednesday, 6 February 2008 11:00:39 UTC