- From: Jon Ferraiolo <jferrai@us.ibm.com>
- Date: Thu, 3 Jan 2008 14:51:35 -0800
- To: "Anne van Kesteren" <annevk@opera.com>
- Cc: "public-appformats@w3.org" <public-appformats@w3.org>, public-appformats-request@w3.org
- Message-ID: <OFBE694600.338EDCF3-ON882573C5.007D3BF4-882573C5.007D92D6@us.ibm.com>
public-appformats-request@w3.org wrote on 01/03/2008 02:29:48 PM:

> On Thu, 03 Jan 2008 19:13:13 +0100, Jon Ferraiolo <jferrai@us.ibm.com>
> wrote:
> > Over at OpenAjax Alliance, we have had some recent discussion about
> > Access Control and were wondering whether it was possible to use HEAD or
> > OPTIONS instead of GET in order to find out if the server allows
> > cross-site POST (or DELETE). There have been comments that if the
> > primary goal is to determine if POST is allowed, then it is more
> > consistent with HTTP guidelines to issue a GET or OPTIONS rather than
> > only supporting GET.
>
> Servers can't be easily made to respond to OPTIONS so therefore we use
> GET.

Yes, I remember that part of the email discussion. Therefore, you support GET. But why not also support HEAD and OPTIONS? Why make everyone use the (arguably) wrong approach to HTTP just because some existing server technologies don't support all HTTP options conveniently at this particular moment in time? We shouldn't confuse today's existing common practice with future recommended best practice, and we shouldn't prevent adoption of best practice techniques.

Jon

> GET also allows for taking the entity body into account in case of
> XML files. Given that we need GET I'm not sure what use it would be to
> allow OPTIONS in addition. There are after all (obvious) downsides to such
> an approach such as the OPTIONS way giving a different response and some
> user agents following the OPTIONS route and some others the GET, etc.
> Seems messy.
>
> > BTW - It would be nice if the WAF WG home page had a link to the latest
> > editorial draft in addition to the latest public draft.
>
> The latest editor's draft can be found here:
> http://dev.w3.org/2006/waf/access-control/
>
> It seems that Art (thanks!) updated the home page today to include a
> pointer to that draft.
>
> --
> Anne van Kesteren
> <http://annevankesteren.nl/>
> <http://www.opera.com/>

Received on Thursday, 3 January 2008 22:53:24 UTC