- From: Nicolas Cordier <notifications@github.com>
- Date: Tue, 29 Dec 2020 02:42:26 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 29 December 2020 10:42:38 UTC
From what I read in this issue and the associated comments, I see that the refusal is based on a theoretical vulnerability. I have put a great deal of thought about this but I fail to see how sending a body with a `GET` method can create a vulnerability? Could someone clarify this point with a concrete and reproducible example, please? I also read the RFC again - and the comments on the Elasticsearch issue are pretty clear about that as well - I still fail to see where the RFC forbids to have a body using a `GET` method. It never states that anywhere from what I read. It only recommend using `POST` but there is no hard restriction. The RFC tends to be very clear about what is strictly forbidden and this is not the case. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/551#issuecomment-752030841
Received on Tuesday, 29 December 2020 10:42:38 UTC