Bjoern Hoehrmann wrote:
* Anne van Kesteren wrote:
Servers can't be easily made to respond to OPTIONS so therefore we use
GET. GET also allows for taking the entity body into account in case of
XML files.
[snip]
So far I've seen little evidence that trading one set of problems for
another is the best thing to do here, especially as the problem with
OPTIONS will cease to exist in a few years, while the problems with
GET will stay with us for many years. What should be clear in any case
is that using GET makes the protocol more difficult to understand, and
that is not a good thing for security-sensitive technologies.
I think that Bjoern is bringing up some really good arguments here to be
honest. I think there are many good arguments for using OPTIONS rather
than GET. However there are two big worries to me with OPTIONS:
1. Are deployed servers able to deal with OPTIONS? Apache has been
mentioned as having issues. But if it's really true that this shouldn't
be a problem with releases after October 2005 I think this is something
that this seems like less of a problem.
However there are other servers than Apache. For example, is it possible
to reasonably simple write code for IIS to deal with OPTIONS requests?
Can you write normal 'asp' (or is it called asp.net or aspx these days)
pages to do this?
2. Are currently deployed proxies able to deal properly with OPTIONS
requests?
/ Jonas
