Elliotte Harold wrote: > > James M Snell wrote: > >> Woo hoo! We just reinvented SoapAction! Life is good. > > > If I wasn't convinced this was a bad idea before, I am now. Didn't SOAP > already teach us what happens when you try to tunnel everything through > POST to get around firewalls?
I thought HTML was the teacher. All SOAP tried to do was standardize an existing hack. > Here's a thought: some organizations may have good security based > reasons for disallowing PUT or DELETE from some or all addresses. If so, > then they would want those features of APP to be blocked. We should > allow this. > In other words, the ability to selectively block PUT and/or DELETE while > still allowing POST and GET is a feature, not a bug. No-one is saying it's a bug. > Servers using this > feature for no good reason should be reconfigured to allow PUT and > DELETE. However we shouldn't make everyone implement it if they have > good reasons not to. I agree with what you say. I also think that tunneling is inevitable, most likely via pub:controlor magic urls (see my other post). Firewalls won't stop people overloading POST to achieve PUT/DELETE. That horse bolted a long time ago. cheers Bill
