
Re: XMLHttpRequest. Support for "OPTIONS *" method.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 5 Sep 2014 10:12:42 +0200
Message-ID: <CADnb78gkrpZMJ2F2xkSbcu=LzqtP5NURJjTJoWH0urM-LXhzPw@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Валерий Котов <kotov.valery@gmail.com>, WebApps WG <public-webapps@w3.org>, WebAppSec WG <public-webappsec@w3.org>

On Fri, Sep 5, 2014 at 10:06 AM, Mark Nottingham <mnot@mnot.net> wrote:
> That would be foolish, since browsers don’t have an exclusive license to emit HTTP requests.

No, but only browsers are capable of executing untrusted requests
within the current network of the user. But if OPTIONS * is not so
important, I'll happily leave it out.


> FWIW - https://www.mnot.net/blog/2012/10/29/NO_OPTIONS

I remember, had you posted that a couple years prior, the CORS
protocol would've used CORS.


-- 
http://annevankesteren.nl/
Received on Friday, 5 September 2014 08:13:09 UTC
