On 2007/12/18, at 12:43 PM, Jonas Sicking wrote:

Julian Reschke wrote:
Jonas Sicking wrote:
Disagreed. Please do not try to standardize HTTP APIs that profile what HTTP allows.

XHR already disallows a lot of things that HTTP allows. Setting certain headers, cross site requests, etc. Why is this different?
XHR should only disallow things when there's a good reason to do so, that is, when the fact that XHR requests can be invoked by client-side script in HTML pages affects the security picture.
I don't see what that would have to do with GET bodies.

Interoperability is IMHO a pretty good reason.

Yes, but not by profiling down the spec arbitrarily.

I can't say I care super much, but I still don't see any value in allowing bodies with GET requests.

The TAG and others have often talked about using GET on bodies. Not many people are doing it now (I have seen a few, under controlled conditions), but they very well may want to in the future.

Cheers,


--
Mark Nottingham       [EMAIL PROTECTED]


