Re: PROPFIND vs "simple methods", was: [CORS] HTTP error codes in preflight response

On Wed, 22 Sep 2010 21:20:09 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> On Wed, Sep 22, 2010 at 12:16 PM, Anne van Kesteren <annevk@opera.com>  
> wrote:
>> We don't want to keep updating the "safe" list. So they're all  
>> "unsafe". Or
>> maybe not "unsafe", just not compatible with HTML forms.
>
> What we're really concerned about here is the HTML/SVG/web/whathaveyou
> same-origin security model that browsers implement and servers
> generally rely on. This model only allows cross-origin requests that
> use get/head/post-with-some-content-types. So that might be the term
> to use here.

What term?

"simple methods" is by the way just an indication of whether they follow  
the "simple cross-origin request" set of steps. "simple" has nothing to do  
with "safe". They are distinct terms.


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Wednesday, 22 September 2010 19:26:35 UTC