- From: Mark Baker <distobj@acm.org>
- Date: Sat, 10 Jun 2006 00:50:06 -0400
- To: "HTTP Working Group" <ietf-http-wg@w3.org>
Folks,

The W3C WebAPIs WG is attempting to standardize the XMLHttpRequest Javascript object[1], and part of that work involves deciding how to handle extension HTTP methods.

Some of the WG is interested in establishing a "whitelist" of methods deemed safe at the time of publication of our spec, with the intent that all other methods would be disallowed. Others would prefer a "blacklist", whereby we specify that methods known to be a security problem (in the context of the use of XHR, e.g. CONNECT) not be used, but that unknown methods be allowed.

We would be interested to know what the HTTP community would recommend.

Thanks.

[1] http://www.w3.org/TR/XMLHttpRequest/

Mark.
Received on Saturday, 10 June 2006 04:50:16 UTC
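
Added example, not part of the original message or of the XMLHttpRequest draft: a sketch of how the two policies described above differ when a client is handed an extension method it does not know. The function name `checkMethod`, the contents of the allowlist and the case-insensitive comparison are assumptions made for illustration; only CONNECT is taken from the message.

```javascript
// Illustration only: compares an allowlist and a denylist policy for HTTP methods.
// RFC 2616 defines Method as a case-sensitive "token"; this regex is that token grammar.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Assumed allowlist (constructed for this example, not the WG's list).
const ALLOWED = new Set(["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"]);
// Denylist: CONNECT is the only method the message names as a problem.
const DENIED = new Set(["CONNECT"]);

// Returns { allowed, reason } for a method under "allowlist" or "denylist".
function checkMethod(method, policy) {
  if (typeof method !== "string" || !TOKEN.test(method)) {
    // Both policies must reject anything that is not a single token,
    // otherwise the method string could carry spaces or line breaks.
    return { allowed: false, reason: "not a valid HTTP token" };
  }
  // Design choice of this example: compare in upper case so that a
  // differently-cased spelling cannot bypass the denylist.
  const upper = method.toUpperCase();
  if (policy === "allowlist") {
    return ALLOWED.has(upper)
      ? { allowed: true, reason: "explicitly allowed" }
      : { allowed: false, reason: "not on allowlist" };
  }
  if (policy === "denylist") {
    return DENIED.has(upper)
      ? { allowed: false, reason: "explicitly denied" }
      : { allowed: true, reason: "not on denylist" };
  }
  throw new Error("unknown policy: " + policy);
}

// Evaluates each method under both policies for side-by-side comparison.
function comparePolicies(methods) {
  return methods.map((m) => ({
    method: m,
    allowlist: checkMethod(m, "allowlist").allowed,
    denylist: checkMethod(m, "denylist").allowed,
  }));
}

// Constructed sample input: a core method, the denied method in two casings,
// a WebDAV extension method, and a string that is not a token.
const SAMPLE = ["GET", "CONNECT", "connect", "PROPFIND", "GET /x"];
console.table(comparePolicies(SAMPLE));
```

The only row where the two policies disagree is the extension method (PROPFIND here): the allowlist fails closed on anything published after the list was written, while the denylist fails open.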