W3C home > Mailing lists > Public > public-html@w3.org > December 2007

Re: [XHR] send doesn’t explain what to do when method is GET

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 19 Dec 2007 14:45:57 +0100
To: "Julian Reschke" <julian.reschke@gmx.de>
Cc: "Jonas Sicking" <jonas@sicking.cc>, "public-html@w3.org" <public-html@w3.org>
Message-ID: <op.t3k4ivke64w2qv@annevk-t60.oslo.opera.com>

On Wed, 19 Dec 2007 14:39:48 +0100, Julian Reschke <julian.reschke@gmx.de>  
> RFC2616 currently doesn't say (and that's why it is an open issue), so  
> you can't really say that.

I think the specification can. XMLHttpRequest has all kinds of  
restrictions and things that RFC2616 does not have.

>> In this case it's not clear that the implementations are broken given  
>> that they all do it in the same way and all would like to remain doing  
>> so it seems. Also, as Jonas points out there's a cross-site risk
> As far as I can tell, this is incorrect. Except for Opera, all  
> implementations either support arbitrary methods (IE6/MSXML, Firefox) or  
> reject the request (IE7, Safari3?). It's only Opera which still silently  
> rewrites method names.

With "in this case" I was referring to not including the entity body in a  
GET request.

Anne van Kesteren
Received on Wednesday, 19 December 2007 13:44:20 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:15:29 UTC