W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: HTTPbis and the Same Origin Policy

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 03 Dec 2009 19:12:00 +0100
Message-ID: <4B17FF70.9040707@gmx.de>
To: Adam Barth <w3c@adambarth.com>
CC: Tyler Close <tyler.close@gmail.com>, Daniel Stenberg <daniel@haxx.se>, Joe Gregorio <joe@bitworking.org>, "Manger, James H" <James.H.Manger@team.telstra.com>, public-web-security@w3.org
Adam Barth wrote:
> ...
> PUT is more dangerous than POST only because, historically, browsers
> have allowed cross-origin POST but not PUT.  That means servers had to
> tollerate cross-origin POST without exploding, but they did not need
> to tolerate cross-origin PUT.  Therefore, there exist servers that
> explode on a cross-origin PUT.
> ...


BR, Julian
Received on Thursday, 3 December 2009 18:12:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:17 UTC