On 12/14/07, Jonas Sicking <[EMAIL PROTECTED]> wrote: > Actually, once we're supporting cross site GET requests, I think we > there should definitely mention that the entity body of GET (and > probably HEAD) requests are dropped. Otherwise there is some risk that > there are servers out there that will do dangerous things when receiving > GET requests with an entity body, such as treat it as a POST.
Nah. And if a server does that, whomever installed it only has themselves to blame. > This seems like just one more argument for explicitly stating that the > entity body for GET should be dropped at an XHR level. No. Look, if you don't want to have to take on the extra work of fully supporting HTTP (for what is, admittedly, currently a fringe case), fine, don't. Just please don't ask that we tell those who are willing to do so, that they can't. Mark. -- Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca Coactus; Web-inspired integration strategies http://www.coactus.com