On Thu, 17 Jan 2008 00:00:38 +0100, Thomas Roessler <[EMAIL PROTECTED]> wrote:
The current specification is phrased in terms of GET (safe) vs
non-GET (meaning unsafe, actually not entirely accurate given the
existence of HEADERS) requests.
That means that there is an assumption here that HTTP methods such
as DELETE and PUT might be used cross-site.
If that assumption is kept, we should document corresponding use
cases, and have an explicit requirement.
You could have an editing tool on editing.example.org that you use to edit
your website on foo.invalid. The editing tool uses a simple interface
implemented by your server (APP, perhaps?) to add, remove, edit, etc.
resources.
In general it is about making the use cases HTTP has work in a cross-site
fashion.
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
