- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 27 Sep 2007 13:34:10 +0200
- To: "Jonas Sicking" <jonas@sicking.cc>, "WAF WG (public)" <public-appformats@w3.org>
On Thu, 20 Sep 2007 20:21:25 +0200, Jonas Sicking <jonas@sicking.cc> wrote: >> http://dev.w3.org/2006/waf/access-control/Overview.html#security > > We might want to mention that implementations should not allow other > methods than GET, and not allow the user to specify username/password or > http-headers in conjunction with this, without taking extra precaution > to make sure that that is safe. I.e. XHR2 will allow other methods than > GET, but only if the server opts-in to it. Added. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Thursday, 27 September 2007 11:34:31 UTC