W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2010

Re: PROPFIND vs "simple methods", was: [CORS] HTTP error codes in preflight response

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 22 Sep 2010 20:19:08 +0200
Message-ID: <4C9A489C.9080006@gmx.de>
To: Jonas Sicking <jonas@sicking.cc>
CC: Webapps WG <public-webapps@w3.org>
On 22.09.2010 20:05, Jonas Sicking wrote:
> ...
> For what it's worth, I think "simple" is meant as "Must be handled by
> servers today as HTML implementations can already send this request
> cross site". Not as the HTTP definition of "must/should not have side
> effects".
> ...

Yes. That's why I think it needs just rephrasing.

> That said, I don't feel strongly either way of if PROPFIND should be
> preflighted or not. But we would definitely have to ask "are you sure
> that servers follow the spec and don't have side effects". I'll note
> that it's well known that GET requests often have side effects despite
> http saying they shouldn't.

Understood.

For GET I'm tempted to say: anybody who still hasn't learned about it 
deserves breakage.

For PROPFIND (and other methods defined to be "safe"): it really doesn't 
make sense to do a preflight OPTIONS for PROPFIND. Both are defined to 
be safe. Both could have broken server implementations.

Best regards, Julian
Received on Wednesday, 22 September 2010 18:26:33 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:40 GMT