- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 19 Dec 2007 14:39:53 +0100
- To: "Jonas Sicking" <jonas@sicking.cc>, "Stewart Brodie" <stewart.brodie@antplc.com>
- Cc: public-webapi@w3.org
On Fri, 14 Dec 2007 19:29:10 +0100, Jonas Sicking <jonas@sicking.cc> wrote: > Actually, once we're supporting cross site GET requests, I think we > there should definitely mention that the entity body of GET (and > probably HEAD) requests are dropped. Otherwise there is some risk that > there are servers out there that will do dangerous things when receiving > GET requests with an entity body, such as treat it as a POST. I have not done it for HEAD because that requires an authorization request first. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Wednesday, 19 December 2007 13:38:59 UTC