- From: Zamralik <notifications@github.com>
- Date: Fri, 29 Mar 2019 04:30:02 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 29 March 2019 11:30:25 UTC
@annevk I had already read #83 before my previous answer. Using a non-standard HTTP method is not an acceptable solution to a non-standard HTTP behavior. Using non-standard HTTP methods go against the security/caching handling based on HTTP method. Browsers follows the Fetch API standard, and suggesting otherwise is a bad call. Browsers shouldn't be encouraged to not follow standards. Noone wants to go back to the era when websites were made for specific browsers. There is a HTTP standard. There is Fetch API standard. Browsers should be compliant with the Fetch API standard. Fetch API works using HTTP, so it should be compliant with HTTP standard unless it cause a security breach. Security verification disallowing GET requests to have a body is not a concern for the standard. There's no security imperative as GET requests are safe by nature (no modification). If there's a security breach caused by a GET request, it's an implementation issue on the server, and should not be a concern for the standard as bad server implementations can exists for everything. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/551#issuecomment-477965271
Received on Friday, 29 March 2019 11:30:25 UTC