- From: Anne van Kesteren <annevk@opera.com>
- Date: Fri, 23 Nov 2007 11:50:45 +0100
- To: "Web API WG (public)" <public-webapi@w3.org>
On Tue, 16 Oct 2007 12:13:19 +0200, Anne van Kesteren <annevk@opera.com> wrote: > CONNECT is also a security issue. The SHOULD-level requirement is about > supporting arbitrary HTTP methods, not TRACE, CONNECT, and apparently > TRACK, specifically. The open() algorithm allows user agents to throw a > SECURITY_ERR exception for methods with security implications though it > doesn't call the known ones out explicitly. It probably should. It now calls out the insecure methods CONNECT, TRACE, and TRACK. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Friday, 23 November 2007 10:50:38 UTC