W3C home > Mailing lists > Public > public-webapi@w3.org > November 2007

Re: Consensus Call Re: [XMLHttpRequest] Publishing another draft

From: Anne van Kesteren <annevk@opera.com>
Date: Fri, 23 Nov 2007 11:50:45 +0100
To: "Web API WG (public)" <public-webapi@w3.org>
Message-ID: <op.t18q2vhu64w2qv@annevk-t60.oslo.opera.com>

On Tue, 16 Oct 2007 12:13:19 +0200, Anne van Kesteren <annevk@opera.com>  
wrote:
> CONNECT is also a security issue. The SHOULD-level requirement is about  
> supporting arbitrary HTTP methods, not TRACE, CONNECT, and apparently  
> TRACK, specifically. The open() algorithm allows user agents to throw a  
> SECURITY_ERR exception for methods with security implications though it  
> doesn't call the known ones out explicitly. It probably should.

It now calls out the insecure methods CONNECT, TRACE, and TRACK.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Friday, 23 November 2007 10:50:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:58 GMT