-John
On Feb 4, 2008, at 2:41 AM, "Anne van Kesteren" <[EMAIL PROTECTED]>
wrote:
On Mon, 04 Feb 2008 10:27:03 +0100, Jonas Sicking <[EMAIL PROTECTED]>
wrote:
If I do a POST using AC to a http://example.com/form.cgi and the
initial OPTIONS request forwards to http://example.org/pub/
form.cgi, does that mean that the POST goes directly to the second
URI?
Yes, you proposed this (although I pointed out later that this was
already in the draft, though unclear):
http://lists.w3.org/Archives/Public/public-webapi/2007Jul/0042.html
That seems like a bad idea to me since it makes cross-site requests
behave very different from same-site requests, rather than just
differing in authorization.
I don't see what the issue is. They already behave very differently
as they require a preflight OPTIONS request. Comments like these do
worry me a bit about the state of your implementation though. :-(
Presumably the cgi could be requestable from a same-domain page as
well. Leading to totally different (unintended) behavior in each case.
