- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 22 Sep 2010 21:26:00 +0200
- To: "Jonas Sicking" <jonas@sicking.cc>
- Cc: "Julian Reschke" <julian.reschke@gmx.de>, "Webapps WG" <public-webapps@w3.org>
On Wed, 22 Sep 2010 21:20:09 +0200, Jonas Sicking <jonas@sicking.cc> wrote: > On Wed, Sep 22, 2010 at 12:16 PM, Anne van Kesteren <annevk@opera.com> > wrote: >> We don't want to keep updating the "safe" list. So they're all >> "unsafe". Or >> maybe not "unsafe", just not compatible with HTML forms. > > What we're really concerned about here is the HTML/SVG/web/whathaveyou > same-origin security model that browsers implement and servers > generally rely on. This model only allows cross-origin requests that > use get/head/post-with-some-content-types. So that might be the term > to use here. What term? "simple methods" is by the way just an indication of whether they follow the "simple cross-origin request" set of steps. "simple" has nothing to do with "safe". They are distinct terms. -- Anne van Kesteren http://annevankesteren.nl/
Received on Wednesday, 22 September 2010 19:26:35 UTC