Re: XMLHttpRequest. Support for "OPTIONS *" method. from Anne van Kesteren on 2014-09-05 (public-webapps@w3.org from July to September 2014)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 5 Sep 2014 10:12:42 +0200
To: Mark Nottingham <mnot@mnot.net>
Cc: Валерий Котов <kotov.valery@gmail.com>, WebApps WG <public-webapps@w3.org>, WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CADnb78gkrpZMJ2F2xkSbcu=LzqtP5NURJjTJoWH0urM-LXhzPw@mail.gmail.com>

On Fri, Sep 5, 2014 at 10:06 AM, Mark Nottingham <mnot@mnot.net> wrote:
> That would be foolish, since browsers don’t have an exclusive license to emit HTTP requests.

No, but only browsers are capable of executing untrusted requests
within the current network of the user. But if OPTIONS * is not so
important, I'll happily leave it out.

> FWIW - https://www.mnot.net/blog/2012/10/29/NO_OPTIONS

I remember, had you posted that a couple years prior, the CORS
protocol would've used CORS.

-- 
http://annevankesteren.nl/

Received on Friday, 5 September 2014 08:13:10 UTC