Re: PROPFIND vs "simple methods", was: [CORS] HTTP error codes in preflight response

On Wed, Sep 22, 2010 at 12:26 PM, Anne van Kesteren <annevk@opera.com> wrote:
> On Wed, 22 Sep 2010 21:20:09 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
>>
>> On Wed, Sep 22, 2010 at 12:16 PM, Anne van Kesteren <annevk@opera.com>
>> wrote:
>>>
>>> We don't want to keep updating the "safe" list. So they're all "unsafe".
>>> Or
>>> maybe not "unsafe", just not compatible with HTML forms.
>>
>> What we're really concerned about here is the HTML/SVG/web/whathaveyou
>> same-origin security model that browsers implement and servers
>> generally rely on. This model only allows cross-origin requests that
>> use get/head/post-with-some-content-types. So that might be the term
>> to use here.
>
> What term?
>
> "simple methods" is by the way just an indication of whether they follow the
> "simple cross-origin request" set of steps. "simple" has nothing to do with
> "safe". They are distinct terms.

I was thinking of "same-origin security model".

But as long as this is just an editorial issue, I really don't care
about what wording is used.

/ Jonas

Received on Thursday, 23 September 2010 02:40:38 UTC