W3C home > Mailing lists > Public > public-webapi@w3.org > December 2007

Re: [XHR] send doesn’t explain what to do when method is GET

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 19 Dec 2007 14:39:53 +0100
To: "Jonas Sicking" <jonas@sicking.cc>, "Stewart Brodie" <stewart.brodie@antplc.com>
Cc: public-webapi@w3.org
Message-ID: <op.t3k38rez64w2qv@annevk-t60.oslo.opera.com>

On Fri, 14 Dec 2007 19:29:10 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
> Actually, once we're supporting cross site GET requests, I think we  
> there should definitely mention that the entity body of GET (and  
> probably HEAD) requests are dropped. Otherwise there is some risk that  
> there are servers out there that will do dangerous things when receiving  
> GET requests with an entity body, such as treat it as a POST.

I have not done it for HEAD because that requires an authorization request  
first.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Wednesday, 19 December 2007 13:38:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:59 GMT