- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 19 Dec 2007 14:45:57 +0100
- To: "Julian Reschke" <julian.reschke@gmx.de>
- Cc: "Jonas Sicking" <jonas@sicking.cc>, "public-html@w3.org" <public-html@w3.org>
On Wed, 19 Dec 2007 14:39:48 +0100, Julian Reschke <julian.reschke@gmx.de> wrote: > RFC2616 currently doesn't say (and that's why it is an open issue), so > you can't really say that. I think the specification can. XMLHttpRequest has all kinds of restrictions and things that RFC2616 does not have. >> In this case it's not clear that the implementations are broken given >> that they all do it in the same way and all would like to remain doing >> so it seems. Also, as Jonas points out there's a cross-site risk > > As far as I can tell, this is incorrect. Except for Opera, all > implementations either support arbitrary methods (IE6/MSXML, Firefox) or > reject the request (IE7, Safari3?). It's only Opera which still silently > rewrites method names. With "in this case" I was referring to not including the entity body in a GET request. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Wednesday, 19 December 2007 13:44:20 UTC