W3C home > Mailing lists > Public > public-webapi@w3.org > June 2006

Re: Extension HTTP methods

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sat, 10 Jun 2006 14:08:55 +0200
Message-ID: <448AB657.3010005@gmx.de>
To: Ian Hickson <ian@hixie.ch>
CC: Charles McCathieNevile <chaals@opera.com>, Mark Nottingham <mnot@yahoo-inc.com>, "Web APIs WG (public)" <public-webapi@w3.org>

Ian Hickson schrieb:
> On Fri, 9 Jun 2006, Julian Reschke wrote:
>> Speaking of which, if this is a security problem: why hasn't it been 
>> fixed in Firefox 1.5 and/or IE 6SP2? Both seem to happily send CONNECT 
>> requests when asked for.
> 
> It was fixed in IE7. I would presume that the other browser vendors are 
> still weighing their options, and that that is probably why the working 
> group is still discussing this (given that most members of the working 
> group are browser vendors).

IE7 is an unreleased product.

IE6 is what's supported by Microsoft and which is in active maintenance. 
If there's a security risk in the current implementation, I would expect 
Microsoft to fix it there. Of course the same applies to FF.

Best regards, Julian
Received on Saturday, 10 June 2006 12:09:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:55 GMT