W3C home > Mailing lists > Public > public-webapi@w3.org > April 2006

Extension HTTP methods

From: Pete Kirkham <mach.elf@gmail.com>
Date: Sat, 15 Apr 2006 11:31:43 +0100
Message-ID: <f9d9d39b0604150331x10cd10ddj6b2a1ab87985fdc@mail.gmail.com>
To: public-webapi@w3.org

I have worked with XMLHttpRequest (and also the Java http libraries)
and found it annoying that only a few of the WebDav and DeltaV methods
are supported. Often I've had to hack it with a server script to
tunnel the requests so that I end up with POST
http://example.com/my-stuff?method=MKACTIVITY rather than MKACTIVITIY
http://example.com/my-stuff so that I can use a repository from a
browser based application.

Assuming that generic methods are supported by whitelists or some
other XSS protection, is there a reason why there needs to be a
restriction on the available methods? POST is often used for
destructive or billing operations, and a sensible restriction on the
method name (say 32 character limit of <any CHAR except CTLs or
separators> to prevent overrun attacks) rather than a restrive list.


Pete
Received on Monday, 17 April 2006 15:10:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:54 GMT