- From: <bugzilla@wiggum.w3.org>
- Date: Wed, 23 Sep 2009 12:38:15 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=7709
Summary: Prevent PUT/DELETE cross-origin
Product: HTML WG
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: HTML5 spec bugs
AssignedTo: dave.null@w3.org
ReportedBy: annevk@opera.com
QAContact: public-html-bugzilla@w3.org
CC: ian@hixie.ch, mike@w3.org, public-html@w3.org
I think it is great that PUT and DELETE are now supported in HTML Forms but I
think we cannot make them go cross-origin without introducing new potential
attacks so they need to be behind a same-origin check. This is certainly not
ideal, but I do not see any other way of making this work perhaps short of
using CORS, but I'm not sure we want to go there just yet.
Received on Wednesday, 23 September 2009 12:38:24 UTC
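
The same-origin gate proposed in this report, sketched as an added example; it is not part of the original message and not the HTML5 specification's algorithm. The names `SAME_ORIGIN_ONLY`, `originOf` and `maySubmit` and the `shop.example` URLs are hypothetical.

```javascript
// Added illustration: decide whether a form submission may proceed,
// given the submitting document's URL, the form's action and its method.
// Names are hypothetical and not taken from the HTML5 spec.

// Methods the report asks to restrict to same-origin targets.
const SAME_ORIGIN_ONLY = new Set(["PUT", "DELETE"]);

// Serialized origin (scheme, host, port) of a parsed URL, or null when the
// origin is opaque (for example a data: URL), which can never match anything.
function originOf(url) {
  return url.origin === "null" ? null : url.origin;
}

function maySubmit(documentUrl, action, method) {
  const m = String(method).toUpperCase();
  let doc, target;
  try {
    doc = new URL(documentUrl);
    // A relative or empty action resolves against the document URL.
    target = new URL(action, doc);
  } catch {
    return false; // unparsable URL: refuse rather than guess
  }
  // GET and POST keep their existing cross-origin behaviour.
  if (!SAME_ORIGIN_ONLY.has(m)) return true;
  const a = originOf(doc);
  const b = originOf(target);
  // The URL parser has already lowercased the host and dropped default ports,
  // so comparing the serialized origins compares scheme, host and port.
  return a !== null && a === b;
}

// Constructed sample inputs.
const doc = "https://shop.example/cart";
console.log(maySubmit(doc, "/items/1", "delete"));                           // same origin
console.log(maySubmit(doc, "https://api.other.example/items/1", "DELETE")); // cross-origin
console.log(maySubmit(doc, "https://api.other.example/search", "POST"));    // unrestricted method
```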