- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Fri, 01 Mar 2013 03:07:11 +0100
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
* Bjoern Hoehrmann wrote:
>It seems this requirement has been added in the 2012 draft, so the more
>interesting question would be what this is trying to accomplish. Last I
>checked "CORS" did not use the response body here, so using 204 seems
>quite natural: it saves around 20 bytes on the wire and there is less of
>a risk to leak information through the service by accidentally sending a
>body.

http://lists.w3.org/Archives/Public/public-webapps/2010JulSep/0971.html
seems to be the reasoning behind rejecting anything but the status 200.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Friday, 1 March 2013 02:07:41 UTC