- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 08 Mar 2007 13:15:15 +0100
- To: Adrien de Croy <adrien@qbik.com>
- CC: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Adrien de Croy schrieb: > > > one thing - are there any security implications with a browser say > automatically resubmitting some POST data to another server based on a > redirect code? Yes. That's why 10.3 (<http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.10.3>) says: "The action required MAY be carried out by the user agent without interaction with the user if and only if the method used in the second request is GET or HEAD." (this part needs to be fixed to say "safe method" instead of "GET or HEAD"). > ... Best regards, Julian
Received on Thursday, 8 March 2007 12:15:33 UTC