- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 07 Feb 2012 16:49:08 +0100
- To: "Mark Nottingham" <mnot@mnot.net>, "Julian Reschke" <julian.reschke@gmx.de>
- Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
On Tue, 07 Feb 2012 16:14:43 +0100, Julian Reschke <julian.reschke@gmx.de> wrote: > 1) Remove the statements from 301/302/307. > > 2) In a single place, explain the risks of automatically redirecting > when the new request method is unsafe. Note this applies to *any* kind > of following redirects, including future ones (such as 308). > > Not sure about where to put the text for 2); does this belong into the > description of 3xx or into the Security Considerations? Can you explain to me the scenario for 2? In particular how a redirect makes this more dangerous than just performing the request directly. -- Anne van Kesteren http://annevankesteren.nl/
Received on Tuesday, 7 February 2012 15:52:26 UTC