GET vs HEAD vs OPTIONS

Over at OpenAjax Alliance, we have had some recent discussion about Access
Control and were wondering whether it was possible to use HEAD or OPTIONS
instead of GET in order to find out if the server allows cross-site POST
(or DELETE). There have been comments that if the primary goal is to
determine if POST is allowed, then it is more consistent with HTTP
guidelines to issue a GET or OPTIONS rather than only supporting GET.

Thanks.
Jon

BTW - It would be nice if the WAF WG home page had a link to the latest
editorial draft in addition to the latest public draft.

Received on Thursday, 3 January 2008 18:27:04 UTC