Re: Accountability in AC4CSR

From: Jonas Sicking <jonas@sicking.cc>
Date: Thu, 07 Feb 2008 11:59:29 -0800
Message-ID: <47AB6321.90406@sicking.cc>
To: "Close, Tyler J." <tyler.close@hp.com>, "WAF WG (public)" <public-appformats@w3.org>

> Is the user or the Referer-Root site accountable for a cross-domain non-GET request? Does the proposed protocol make it possible for the site hosting the resource to correctly determine the answer to that question?

I think I have answered the accountability question in

http://lists.w3.org/Archives/Public/public-appformats/2008Feb/0076.html

Additionally, I still think that this situation exists today. Anyone can 
set up a CGI that accepts posts from any site. Who would such a CGI hold 
accountable today? Sure, the CGI could be written such that it rejects 
cross-site posts, but if it chooses not to, who would it hold accountable?

/ Jonas
Received on Thursday, 7 February 2008 19:59:48 GMT