W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2014

Re: XMLHttpRequest. Support for "OPTIONS *" method.

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Fri, 05 Sep 2014 08:29:32 -0400
Message-ID: <5409ACAC.10109@mit.edu>
To: public-webappsec@w3.org

On 9/5/14, 4:06 AM, Mark Nottingham wrote:
> That would be foolish, since browsers don’t have an exclusive license to emit HTTP requests.

While true, in practice browsers are what can emit HTTP requests to 
things behind your firewall, and with user cookies set.

-Boris

Received on Friday, 5 September 2014 12:30:03 UTC

This message: [ Message body ]
Next message: Pete Freitag: "Re: CSP reports on eval() and inline"
Previous message: Julian Reschke: "Re: XMLHttpRequest. Support for "OPTIONS *" method."
In reply to: Mark Nottingham: "Re: XMLHttpRequest. Support for "OPTIONS *" method."
Next in thread: Julian Reschke: "Re: XMLHttpRequest. Support for "OPTIONS *" method."

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC