- From: Henri Sivonen <hsivonen@iki.fi>
- Date: Tue, 16 Oct 2007 14:38:52 +0300
- To: Ian Hickson <ian@hixie.ch>
- Cc: Anne van Kesteren <annevk@opera.com>, Bjoern Hoehrmann <derhoermi@gmx.net>, "WAF WG (public)" <public-appformats@w3.org>
On Oct 15, 2007, at 22:29, Ian Hickson wrote: > We can't use OPTIONS because Apache returns > > Allow: GET,HEAD,POST,OPTIONS,TRACE > > ...by default, which would basically mean that out of the box, any > resource that support cross-site GET would automatically support > cross-site POST. This could be remedied by using a newly named header in the OPTIONS response (e.g. Method-Allow). As a further benefit, introducing new headers would allow the caching outlined in Anne's message. > Also, OPTIONS doesn't return a body, which is useful to authors who > want > to include the cross-domain rights in XML PIs rather than HTTP > headers. Do bad things happen if you do return an entity body in an OPTIONS response? Moreover, what's the point of using PIs if you have control over HTTP headers? -- Henri Sivonen hsivonen@iki.fi http://hsivonen.iki.fi/
Received on Tuesday, 16 October 2007 11:39:24 UTC