On Wed, 19 Dec 2007 14:39:48 +0100, Julian Reschke <julian.reschke@gmx.de> wrote: > RFC2616 currently doesn't say (and that's why it is an open issue), so > you can't really say that. I think the specification can. XMLHttpRequest has all kinds of restrictions and things that RFC2616 does not have. >> In this case it's not clear that the implementations are broken given >> that they all do it in the same way and all would like to remain doing >> so it seems. Also, as Jonas points out there's a cross-site risk > > As far as I can tell, this is incorrect. Except for Opera, all > implementations either support arbitrary methods (IE6/MSXML, Firefox) or > reject the request (IE7, Safari3?). It's only Opera which still silently > rewrites method names. With "in this case" I was referring to not including the entity body in a GET request. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>Received on Wednesday, 19 December 2007 13:44:20 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:11 GMT