On 2012-03-22 10:37, Anne van Kesteren wrote: > On Thu, 22 Mar 2012 10:19:53 +0100, Julian Reschke > <julian.reschke@gmx.de> wrote: >> On 2012-03-22 10:11, Anne van Kesteren wrote: >>> On Wed, 21 Mar 2012 23:47:00 +0100, Edward O'Connor <eoconnor@apple.com> >>> wrote: >>>> Please consider this zero edit Change Proposal for ISSUE-195: >>>> >>>> http://www.w3.org/html/wg/wiki/User:Eoconnor/ISSUE-195 >>> >>> Strong support. The other proposal is completely insecure. >> >> If there's something insecure about it, you probably should point out >> what it is. > > Allowing cross-origin methods not previously allowed, allowing > manipulation of headers cross-origin. Your basic insecure stuff that > should have been known if the people making that change proposal had > actually compared it to XMLHttpRequest. At some point a previous proposal stated that for methods other than GET/HEAD/POST, the same requirements as for XHR should apply.Received on Thursday, 22 March 2012 10:27:14 UTC
This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:16:22 UTC