Re: review of http://dev.w3.org/2006/waf/access-control/#requirements

On Wed, 06 Feb 2008 02:43:14 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
> Mark Nottingham wrote:
>>  Comments:
>>  * "It should not be possible to perform cross-site non-safe  
>> operations, i.e., HTTP operations except for GET, HEAD, and OPTIONS,  
>> without a method check requestbeing performed." -- this specifies a  
>> solution in the requirements.
>
> I agree the link should be removed. And I guess saying "without first  
> checking that the server is ok with this" might be more generic wording?

I changed it to "authorization check". I believe it was something like  
that originally and it seems that my copy & paste action for rewording the  
preflight request was a bit too aggrasive. I've fixed that now.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Wednesday, 6 February 2008 11:00:39 UTC