Jonas Sicking wrote: >> Disagreed. Please do not try to standardize HTTP APIs that profile >> what HTTP allows. > > XHR already disallows a lot of things that HTTP allows. Setting certain > headers, cross site requests, etc. Why is this different? XHR should only disallow things when there's a good reason to do so, that is, when the fact that XHR requests can be invoked by client-side script in HTML pages affects the security picture. I don't see what that would have to do with GET bodies. >> Besides that, Björn already reported that both IE7 and FF happily pass >> the body, as they should (IMHO). > > My reading of Björns email was that they did not drop it for HEAD, > OPTIONS and EXAMPLE did not drop the entity body. In my testing IE, > Firefox and Opera all dropped the entity body of GET requests. OK. If an implementation behaves differently for GET and HEAD - *except* for handling the response body - this is very clearly a bug, as stated by Björn. Do you want to wire that bug into XHR? > So if for no other reason, interoperability seems like a good argument > for stating that this should be done. Again disagreed. Interoperability may be a good argument for warning people about a certain feature, not requiring everybody not to support it. BR, JulianReceived on Saturday, 15 December 2007 10:45:00 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:59 GMT