Re: [XHR] send doesn’t explain what to do when method is GET

On Wed, 19 Dec 2007 14:39:48 +0100, Julian Reschke <julian.reschke@gmx.de>  
wrote:
> RFC2616 currently doesn't say (and that's why it is an open issue), so  
> you can't really say that.

I think the specification can. XMLHttpRequest has all kinds of  
restrictions and things that RFC2616 does not have.


>> In this case it's not clear that the implementations are broken given  
>> that they all do it in the same way and all would like to remain doing  
>> so it seems. Also, as Jonas points out there's a cross-site risk
>
> As far as I can tell, this is incorrect. Except for Opera, all  
> implementations either support arbitrary methods (IE6/MSXML, Firefox) or  
> reject the request (IE7, Safari3?). It's only Opera which still silently  
> rewrites method names.

With "in this case" I was referring to not including the entity body in a  
GET request.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Wednesday, 19 December 2007 13:44:20 UTC