- From: Jonas Sicking <jonas@sicking.cc>
- Date: Mon, 04 Feb 2008 15:30:03 -0800
- To: Anne van Kesteren <annevk@opera.com>
- CC: "WAF WG (public)" <public-appformats@w3.org>
Anne van Kesteren wrote: > > On Mon, 04 Feb 2008 10:27:03 +0100, Jonas Sicking <jonas@sicking.cc> wrote: >> If I do a POST using AC to a http://example.com/form.cgi and the >> initial OPTIONS request forwards to http://example.org/pub/form.cgi, >> does that mean that the POST goes directly to the second URI? > > Yes, you proposed this (although I pointed out later that this was > already in the draft, though unclear): > > http://lists.w3.org/Archives/Public/public-webapi/2007Jul/0042.html Ugh, what a silly idea ;) I'm honestly not sure what the right thing to do here is. My gut feeling is that the POST should go to the original URI and then any redirects would need to follow the exact same path as the original OPTIONS redirects. This way the only difference between the cross-site POST and a same-site POST will be the initial OPTIONS requests. >> That seems like a bad idea to me since it makes cross-site requests >> behave very different from same-site requests, rather than just >> differing in authorization. > > I don't see what the issue is. They already behave very differently as > they require a preflight OPTIONS request. Comments like these do worry > me a bit about the state of your implementation though. :-( I decided not to implement redirects for non-GET methods at all in the initial implementation. It might be the state we will ship in since I think redirects is an edge case and the lack of support for redirect won't hinder adoption of the rest of the spec. / Jonas
Received on Monday, 4 February 2008 23:32:01 UTC