- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 12 Jun 2006 10:47:08 +0200
- To: Stefan Eissing <stefan.eissing@greenbytes.de>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
Stefan Eissing wrote:
> ...
> What I mean is that XHR would have the following behavior:
> - Implement a "whitelist" of methods and uses which are known to be "safe"
> - For all methods outside of this, let XHR ask the server if it is ok. For
>   example, let XHR send an OPTION request and look for an XHR-Allow
>   header, listing the methods allowed to XHR. (or whatever, the key is
>   that the server is in control)
>
> Seems to me that this approach puts server application developers in the
> driver seat and lets browser developers stay safe by default, no matter
> what future http will bring.

Can you give an example where a server that implements method X would return it in the "Allow" header, but not in the "XHR-Allow" header?

Regards, Julian
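The default-deny gate proposed in the quoted text, sketched as an added example that is not part of the original message or of any browser's code. The contents of `SAFE_METHODS`, the function names and the sample OPTIONS response are assumptions; `XHR-Allow` is the hypothetical header named in the proposal.

```javascript
// Added example: decision logic for the behaviour proposed in the quoted text.
// SAFE_METHODS is an assumed whitelist; the message does not list its contents.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);

// Parse a comma-separated method list such as "GET, PUT, DELETE".
function parseMethodList(value) {
  if (typeof value !== "string") return new Set();
  return new Set(
    value.split(",").map((m) => m.trim()).filter((m) => m.length > 0)
  );
}

// Header names are case-insensitive, so look them up without regard to case.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return value;
  }
  return undefined;
}

// optionsHeaders: headers of the server's response to the OPTIONS probe.
function xhrMayUse(method, optionsHeaders) {
  if (SAFE_METHODS.has(method)) return { allowed: true, reason: "whitelist" };
  const xhrAllow = parseMethodList(getHeader(optionsHeaders, "XHR-Allow"));
  if (xhrAllow.has(method)) return { allowed: true, reason: "XHR-Allow" };
  // Default deny: "Allow" alone never opts a method in for XHR.
  return { allowed: false, reason: "not listed in XHR-Allow" };
}

// Constructed OPTIONS response in which Allow and XHR-Allow differ.
const sampleOptionsHeaders = {
  "Allow": "GET, HEAD, POST, PUT, DELETE, OPTIONS",
  "xhr-allow": "PUT",
};

// Returns one "METHOD: reason" line per probed method.
function demo() {
  return ["GET", "PUT", "DELETE"].map(
    (m) => `${m}: ${xhrMayUse(m, sampleOptionsHeaders).reason}`
  );
}
console.log(demo().join("\n"));
```

A server that sends no `XHR-Allow` header at all leaves every method outside the whitelist blocked, which is the "safe by default" property the proposal relies on.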
Received on Monday, 12 June 2006 09:13:57 UTC