Re: Redirection of a POST as a GET

fre 2007-03-09 klockan 00:02 +1300 skrev Adrien de Croy:

> I'm not sure how comfortable I would be typing my username and password 
> into a form, and then having my browser automatically sending that 
> information off to another site without my knowledge because the site 
> sent back a 307.

And the specs do not allow it without user confirmation.

This security blanked has always been in the specs regarding automatic
redirection, only allowing it to take place for GET/HEAD requests
without user confirmation. Even the HTTP/1.0 specs has this security


Received on Thursday, 8 March 2007 22:56:42 UTC