- From: Pete Kirkham <mach.elf@gmail.com>
- Date: Sat, 15 Apr 2006 11:31:43 +0100
- To: public-webapi@w3.org
I have worked with XMLHttpRequest (and also the Java http libraries) and found it annoying that only a few of the WebDav and DeltaV methods are supported. Often I've had to hack it with a server script to tunnel the requests so that I end up with POST http://example.com/my-stuff?method=MKACTIVITY rather than MKACTIVITIY http://example.com/my-stuff so that I can use a repository from a browser based application. Assuming that generic methods are supported by whitelists or some other XSS protection, is there a reason why there needs to be a restriction on the available methods? POST is often used for destructive or billing operations, and a sensible restriction on the method name (say 32 character limit of <any CHAR except CTLs or separators> to prevent overrun attacks) rather than a restrive list. Pete
Received on Monday, 17 April 2006 15:10:32 UTC