W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: HTTPbis and the Same Origin Policy

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 03 Dec 2009 19:12:00 +0100
Message-ID: <4B17FF70.9040707@gmx.de>
To: Adam Barth <w3c@adambarth.com>
CC: Tyler Close <tyler.close@gmail.com>, Daniel Stenberg <daniel@haxx.se>, Joe Gregorio <joe@bitworking.org>, "Manger, James H" <James.H.Manger@team.telstra.com>, public-web-security@w3.org
Adam Barth wrote:
> ...
> PUT is more dangerous than POST only because, historically, browsers
> have allowed cross-origin POST but not PUT.  That means servers had to
> tollerate cross-origin POST without exploding, but they did not need
> to tolerate cross-origin PUT.  Therefore, there exist servers that
> explode on a cross-origin PUT.
> ...

Evidence?

BR, Julian
Received on Thursday, 3 December 2009 18:12:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT