Stewart Brodie wrote:
Jonas Sicking <[EMAIL PROTECTED]> wrote:
Anne van Kesteren wrote:
On Mon, 10 Dec 2007 15:47:37 +0100, Maciej Stachowiak <[EMAIL PROTECTED]>
wrote:
3) The spec as written doesn't "state nothing", it appears to clearly
require sending an entity body and does not allow ignoring the body or
throwing an exception regardless of what is allowed per RFC. So some
change is needed, one way or another.
Ok. How about we add a step 5 of the send() algorithm that states that
additional requirements in RFC 2616 are also to be taken into account.
That should effectively defer the issue to RFC 2616.
Does any currently released browse include the body when doing an XHR
GET request? If a big majority of them currently drop the body, then it
seems like it would help interoperability if the spec explicitly stated
that the body should be dropped.
IMHO this wouldn't be going against RFC 2616 as it's the application,
not the network layer, that drops the body.
Under no circumstances will my code permit an entity body to be sent as part
of a request for an object that is going to be requested via GET or HEAD.
It's just asking for trouble. It also will not permit related headers to be
set (Content-Length, Transfer-Encoding et al will be dropped)
Actually, once we're supporting cross site GET requests, I think we
there should definitely mention that the entity body of GET (and
probably HEAD) requests are dropped. Otherwise there is some risk that
there are servers out there that will do dangerous things when receiving
GET requests with an entity body, such as treat it as a POST.
This seems like just one more argument for explicitly stating that the
entity body for GET should be dropped at an XHR level.
/ Jonas