W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008


From: Jonas Sicking <jonas@sicking.cc>
Date: Sat, 05 Jan 2008 23:39:55 -0800
Message-ID: <478085CB.1080005@sicking.cc>
To: Bjoern Hoehrmann <derhoermi@gmx.net>, "WAF WG (public)" <public-appformats@w3.org>

Bjoern Hoehrmann wrote:
> * Anne van Kesteren wrote:
>> Servers can't be easily made to respond to OPTIONS so therefore we use  
>> GET. GET also allows for taking the entity body into account in case of  
>> XML files.


> So far I've seen little evidence that trading one set of problems for
> another is the best thing to do here, especially as the problem with
> OPTIONS will cease to exist in a few years, while the problems with
> GET will stay with us for many years. What should be clear in any case
> is that using GET makes the protocol more difficult to understand, and
> that is not a good thing for security-sensitive technologies.

I think that Bjoern is bringing up some really good arguments here to be 
honest. I think there are many good arguments for using OPTIONS rather 
than GET. However there are two big worries to me with OPTIONS:

1. Are deployed servers able to deal with OPTIONS? Apache has been 
mentioned as having issues. But if it's really true that this shouldn't 
be a problem with releases after October 2005 I think this is something 
that this seems like less of a problem.

However there are other servers than Apache. For example, is it possible 
to reasonably simple write code for IIS to deal with OPTIONS requests? 
Can you write normal 'asp' (or is it called asp.net or aspx these days) 
pages to do this?

2. Are currently deployed proxies able to deal properly with OPTIONS 

/ Jonas
Received on Sunday, 6 January 2008 07:40:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:56:21 UTC