Re: [cors] Legacy Servers: POST Body Format

On Mon, 01 Aug 2011 16:09:17 +0200, Philippe De Ryck  
<philippe.deryck@cs.kuleuven.be> wrote:
> The CORS specification fails to protect legacy servers from POST
> messages with arbitrary body formatting.

You can create pretty much any arbitrary message body you want using  
application/x-www-form-urlencoded already by crafting smart names and  
values so the real importance is in not being able to set Content-Type.  
This is not a security problem as far as I can tell.


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Tuesday, 2 August 2011 14:47:32 UTC