W3C home > Mailing lists > Public > public-webapi@w3.org > December 2007

Re: [XHR] send doesn’t explain what to do when method is GET

From: Jonas Sicking <jonas@sicking.cc>
Date: Mon, 17 Dec 2007 17:43:37 -0800
Message-ID: <476725C9.8070202@sicking.cc>
To: Julian Reschke <julian.reschke@gmx.de>
CC: Anne van Kesteren <annevk@opera.com>, Maciej Stachowiak <mjs@apple.com>, Mark Baker <distobj@acm.org>, Boris Zbarsky <bzbarsky@mit.edu>, Bjoern Hoehrmann <derhoermi@gmx.net>, public-webapi@w3.org 

Julian Reschke wrote:
> 
> Jonas Sicking wrote:
>>> Disagreed. Please do not try to standardize HTTP APIs that profile 
>>> what HTTP allows.
>>
>> XHR already disallows a lot of things that HTTP allows. Setting 
>> certain headers, cross site requests, etc. Why is this different?
> 
> XHR should only disallow things when there's a good reason to do so, 
> that is, when the fact that XHR requests can be invoked by client-side 
> script in HTML pages affects the security picture.
> 
> I don't see what that would have to do with GET bodies.

Interoperability is IMHO a pretty good reason. I can't say I care super 
much, but I still don't see any value in allowing bodies with GET requests.

But I do think that the spec does need to say something. Staying silent 
and hoping that people won't depend on unspecified things is a tried and 
failed method.

/ Jonas
Received on Tuesday, 18 December 2007 01:43:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:59 GMT