- From: Jon Ferraiolo <jferrai@us.ibm.com>
- Date: Thu, 3 Jan 2008 10:13:13 -0800
- To: "public-appformats@w3.org" <public-appformats@w3.org>
Received on Thursday, 3 January 2008 18:27:04 UTC
Over at OpenAjax Alliance, we have had some recent discussion about Access Control and were wondering whether it was possible to use HEAD or OPTIONS instead of GET in order to find out if the server allows cross-site POST (or DELETE). There have been comments that if the primary goal is to determine if POST is allowed, then it is more consistent with HTTP guidelines to issue a GET or OPTIONS rather than only supporting GET. Thanks. Jon BTW - It would be nice if the WAF WG home page had a link to the latest editorial draft in addition to the latest public draft.
Received on Thursday, 3 January 2008 18:27:04 UTC