- From: Mark Baker <distobj@acm.org>
- Date: Fri, 14 Dec 2007 14:36:50 -0500
- To: "Jonas Sicking" <jonas@sicking.cc>
- Cc: "Stewart Brodie" <stewart.brodie@antplc.com>, public-webapi@w3.org
On 12/14/07, Jonas Sicking <jonas@sicking.cc> wrote: > Actually, once we're supporting cross site GET requests, I think we > there should definitely mention that the entity body of GET (and > probably HEAD) requests are dropped. Otherwise there is some risk that > there are servers out there that will do dangerous things when receiving > GET requests with an entity body, such as treat it as a POST. Nah. And if a server does that, whomever installed it only has themselves to blame. > This seems like just one more argument for explicitly stating that the > entity body for GET should be dropped at an XHR level. No. Look, if you don't want to have to take on the extra work of fully supporting HTTP (for what is, admittedly, currently a fringe case), fine, don't. Just please don't ask that we tell those who are willing to do so, that they can't. Mark. -- Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca Coactus; Web-inspired integration strategies http://www.coactus.com
Received on Friday, 14 December 2007 19:36:58 UTC