Sunava Dutta schrieb:
Hello Julian, We do currently support all WebDAV HTTP verbs from RFC2518.PROPFIND PROPPATCH MKCOL GET HEAD POST DELETE PUT COPY MOVE LOCK UNLOCK And also OPTIONS. Details available here: http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml /reference/objects/obj_xmlhttprequest.asp
It's nice to know that you (know) allow the methods that you implement in Microsoft products. But what about other methods specified in IETF RFCs (RFC3253, RFC3648, RFC3744, ...) -- not invented here, thus evil? They (still) do not work. What's the point in putting known methods into a white list? By definition, POST is the most insecure methods because it can do *anything*, so why restrict anything at all if you allow POST?
Best regards, Julian
