On Tue, 16 Oct 2007 12:13:19 +0200, Anne van Kesteren <annevk@opera.com> wrote: > CONNECT is also a security issue. The SHOULD-level requirement is about > supporting arbitrary HTTP methods, not TRACE, CONNECT, and apparently > TRACK, specifically. The open() algorithm allows user agents to throw a > SECURITY_ERR exception for methods with security implications though it > doesn't call the known ones out explicitly. It probably should. It now calls out the insecure methods CONNECT, TRACE, and TRACK. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>Received on Friday, 23 November 2007 10:50:38 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:58 GMT