- From: John <jpanzer@acm.org>
- Date: Mon, 4 Feb 2008 09:19:46 -0800
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Jonas Sicking <jonas@sicking.cc>, "WAF WG (public)" <public-appformats@w3.org>
-John On Feb 4, 2008, at 2:41 AM, "Anne van Kesteren" <annevk@opera.com> wrote: > > On Mon, 04 Feb 2008 10:27:03 +0100, Jonas Sicking <jonas@sicking.cc> > wrote: >> If I do a POST using AC to a http://example.com/form.cgi and the >> initial OPTIONS request forwards to http://example.org/pub/ >> form.cgi, does that mean that the POST goes directly to the second >> URI? > > Yes, you proposed this (although I pointed out later that this was > already in the draft, though unclear): > > http://lists.w3.org/Archives/Public/public-webapi/2007Jul/0042.html > > >> That seems like a bad idea to me since it makes cross-site requests >> behave very different from same-site requests, rather than just >> differing in authorization. > > I don't see what the issue is. They already behave very differently > as they require a preflight OPTIONS request. Comments like these do > worry me a bit about the state of your implementation though. :-( > > Presumably the cgi could be requestable from a same-domain page as well. Leading to totally different (unintended) behavior in each case. >
Received on Monday, 4 February 2008 17:20:03 UTC