Jonas Sicking wrote: > Actually, once we're supporting cross site GET requests, I think we > there should definitely mention that the entity body of GET (and > probably HEAD) requests are dropped. Otherwise there is some risk that > there are servers out there that will do dangerous things when receiving > GET requests with an entity body, such as treat it as a POST. > > This seems like just one more argument for explicitly stating that the > entity body for GET should be dropped at an XHR level. > ... Well, no. If this really is a problem, then it would be reason to disallow request bodies for *any* method on cross-site requests. BR, JulianReceived on Friday, 14 December 2007 18:39:36 UTC
This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:16:24 UTC