- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 15 Oct 2007 17:57:18 +0200
- To: "Bjoern Hoehrmann" <derhoermi@gmx.net>
- Cc: "WAF WG (public)" <public-appformats@w3.org>
On Mon, 15 Oct 2007 17:48:56 +0200, Bjoern Hoehrmann <derhoermi@gmx.net> wrote: > Could you say what essential parts of this protocol would break under > real world circumstances if clients would not send a Method-Name header, > would not send a Referer-Root header, would use OPTIONS instead of GET, > and consequently not check for processing instructions in the response, > and why the specification needs to address those cases, if any? In case of https to http Referer would not be set so the server would not know where the request originated. Third-party software sometimes also blocks Referer for privacy reasons (data hidden in path). There's no Method-Name header. The Method-Check header is purely informational. Servers could refuse access to clients based on lack of either Referer-Root or Method-Check though. OPTIONS responses can't easily be configured by authors as I understand it. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Monday, 15 October 2007 16:12:41 UTC