- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 07 Feb 2008 11:59:29 -0800
- To: "Close, Tyler J." <tyler.close@hp.com>, "WAF WG (public)" <public-appformats@w3.org>
> Is the user or the Referer-Root site accountable for a cross-domain non-GET request? Does the proposed protocol make it possible for the site hosting the resource to correctly determine the answer to that question? I think I have answered the accountability question in http://lists.w3.org/Archives/Public/public-appformats/2008Feb/0076.html Additionally, I still think that this situation exists today. Anyone can set up a CGI that accepts posts from any site. Who would such a CGI hold accountable today? Sure, the CGI could be written such that it rejects cross-site posts, but if it chooses not to, who would it hold accountable? / Jonas
Received on Thursday, 7 February 2008 19:59:48 UTC