
Re: PROPFIND vs "simple methods", was: [CORS] HTTP error codes in preflight response

From: Jonas Sicking <jonas@sicking.cc>
Date: Wed, 22 Sep 2010 12:36:15 -0700
Message-ID: <AANLkTimCtDZzqLGnkp0AKW0VKng+est=QqEN+HPG4Ebk@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, Webapps WG <public-webapps@w3.org>

On Wed, Sep 22, 2010 at 12:26 PM, Anne van Kesteren <annevk@opera.com> wrote:
> On Wed, 22 Sep 2010 21:20:09 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
>>
>> On Wed, Sep 22, 2010 at 12:16 PM, Anne van Kesteren <annevk@opera.com> wrote:
>>>
>>> We don't want to keep updating the "safe" list. So they're all "unsafe". Or
>>> maybe not "unsafe", just not compatible with HTML forms.
>>
>> What we're really concerned about here is the HTML/SVG/web/whathaveyou
>> same-origin security model that browsers implement and servers
>> generally rely on. This model only allows cross-origin requests that
>> use get/head/post-with-some-content-types. So that might be the term
>> to use here.
>
> What term?
>
> "simple methods" is by the way just an indication of whether they follow the
> "simple cross-origin request" set of steps. "simple" has nothing to do with
> "safe". They are distinct terms.

I was thinking of "same-origin security model".

But as long as this is just an editorial issue, I really don't care
about what wording is used.

/ Jonas
Received on Thursday, 23 September 2010 02:40:38 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:40 GMT