On Fri, 14 Dec 2007 19:29:10 +0100, Jonas Sicking <jonas@sicking.cc> wrote: > Actually, once we're supporting cross site GET requests, I think we > there should definitely mention that the entity body of GET (and > probably HEAD) requests are dropped. Otherwise there is some risk that > there are servers out there that will do dangerous things when receiving > GET requests with an entity body, such as treat it as a POST. I have not done it for HEAD because that requires an authorization request first. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>Received on Wednesday, 19 December 2007 13:38:59 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:59 GMT