On Thu, 20 Sep 2007 20:21:25 +0200, Jonas Sicking <[EMAIL PROTECTED]> wrote:
http://dev.w3.org/2006/waf/access-control/Overview.html#security

We might want to mention that implementations should not allow other methods than GET, and not allow the user to specify username/password or HTTP headers in conjunction with this, without taking extra precaution to make sure that that is safe. I.e. XHR2 will allow other methods than GET, but only if the server opts in to it.

Added.


--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
