Re: Consensus Call Re: [XMLHttpRequest] Publishing another draft

On Tue, 16 Oct 2007 12:13:19 +0200, Anne van Kesteren <annevk@opera.com>  
wrote:
> CONNECT is also a security issue. The SHOULD-level requirement is about  
> supporting arbitrary HTTP methods, not TRACE, CONNECT, and apparently  
> TRACK, specifically. The open() algorithm allows user agents to throw a  
> SECURITY_ERR exception for methods with security implications though it  
> doesn't call the known ones out explicitly. It probably should.

It now calls out the insecure methods CONNECT, TRACE, and TRACK.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Friday, 23 November 2007 10:50:38 UTC