- From: Jonas Sicking <jonas@sicking.cc>
- Date: Sat, 05 Jan 2008 23:39:55 -0800
- To: Bjoern Hoehrmann <derhoermi@gmx.net>, "WAF WG (public)" <public-appformats@w3.org>
Bjoern Hoehrmann wrote: > * Anne van Kesteren wrote: >> Servers can't be easily made to respond to OPTIONS so therefore we use >> GET. GET also allows for taking the entity body into account in case of >> XML files. [snip] > So far I've seen little evidence that trading one set of problems for > another is the best thing to do here, especially as the problem with > OPTIONS will cease to exist in a few years, while the problems with > GET will stay with us for many years. What should be clear in any case > is that using GET makes the protocol more difficult to understand, and > that is not a good thing for security-sensitive technologies. I think that Bjoern is bringing up some really good arguments here to be honest. I think there are many good arguments for using OPTIONS rather than GET. However there are two big worries to me with OPTIONS: 1. Are deployed servers able to deal with OPTIONS? Apache has been mentioned as having issues. But if it's really true that this shouldn't be a problem with releases after October 2005 I think this is something that this seems like less of a problem. However there are other servers than Apache. For example, is it possible to reasonably simple write code for IIS to deal with OPTIONS requests? Can you write normal 'asp' (or is it called asp.net or aspx these days) pages to do this? 2. Are currently deployed proxies able to deal properly with OPTIONS requests? / Jonas
Received on Sunday, 6 January 2008 07:40:07 UTC