- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 30 Jan 2008 21:41:04 +0100
- To: public-appformats@w3.org
David said in IRC: >Proposal: It should not be possible to perform cross-site non-safe >(in HTTP, POST/PUT/DELETE) operations prior to an authorization >check being performed I'd suggest to say this instead: It should not be possible to perform cross-site non-safe operations [RFC 2616], i.e., HTTP operations except for GET, HEAD, and OPTIONS, without an authorization check being performed. I'm no longer suggesting that we include a reference to UPNP in this part. Also, please use an ordered list for the sub-requirements to requirement 1, as discussed just now in the call. Presumably, this takes care of ACTION-160 on Art as well. ;) Thanks, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 30 January 2008 20:41:12 UTC