W3C home > Mailing lists > Public > public-html@w3.org > March 2012

Re: ISSUE-195: form-http-req - Chairs Solicit Alternate Proposals or Counter-Proposals

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 22 Mar 2012 11:26:39 +0100
Message-ID: <4F6AFE5F.60003@gmx.de>
To: Anne van Kesteren <annevk@opera.com>
CC: public-html@w3.org, Edward O'Connor <eoconnor@apple.com>
On 2012-03-22 10:37, Anne van Kesteren wrote:
> On Thu, 22 Mar 2012 10:19:53 +0100, Julian Reschke
> <julian.reschke@gmx.de> wrote:
>> On 2012-03-22 10:11, Anne van Kesteren wrote:
>>> On Wed, 21 Mar 2012 23:47:00 +0100, Edward O'Connor <eoconnor@apple.com>
>>> wrote:
>>>> Please consider this zero edit Change Proposal for ISSUE-195:
>>>>
>>>> http://www.w3.org/html/wg/wiki/User:Eoconnor/ISSUE-195
>>>
>>> Strong support. The other proposal is completely insecure.
>>
>> If there's something insecure about it, you probably should point out
>> what it is.
>
> Allowing cross-origin methods not previously allowed, allowing
> manipulation of headers cross-origin. Your basic insecure stuff that
> should have been known if the people making that change proposal had
> actually compared it to XMLHttpRequest.

At some point a previous proposal stated that for methods other than 
GET/HEAD/POST, the same requirements as for XHR should apply.
Received on Thursday, 22 March 2012 10:27:14 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:31 UTC