Ian Hickson schrieb: > On Sat, 10 Jun 2006, Julian Reschke wrote: >>> it's very hard for this group and the browser vendors to agree upon >>> behaviour. E.g. should an entity-body be passed with the verb? How >>> should the browser handle content negotiation? >> Disagreement here. XHR implementations do not need any special knowledge >> about this. If a client supplies a request body, it should be sent. No >> problem here. > > Wouldn't sending a body with a method that doesn't allow a body result in > allowing request smuggling? Well, in only in a broken implementation. See <http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.4.3>: "The presence of a message-body in a request is signaled by the inclusion of a Content-Length or Transfer-Encoding header field in the request's message-headers. A message-body MUST NOT be included in a request if the specification of the request method (Section 5.1.1) does not allow sending an entity-body in requests. A server SHOULD read and forward a message-body on any request; if the request method does not include defined semantics for an entity-body, then the message-body SHOULD be ignored when handling the request." Best regards, JulianReceived on Sunday, 11 June 2006 20:02:26 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:55 GMT