Re: Request for Comments on Enabling Read Access for Web Resources

On Thu, 20 Sep 2007 20:21:25 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
>> http://dev.w3.org/2006/waf/access-control/Overview.html#security
>
> We might want to mention that implementations should not allow other  
> methods than GET, and not allow the user to specify username/password or  
> http-headers in conjunction with this, without taking extra precaution  
> to make sure that that is safe. I.e. XHR2 will allow other methods than  
> GET, but only if the server opts-in to it.

Added.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Thursday, 27 September 2007 11:34:31 UTC