On Tue, 16 Oct 2007 12:13:19 +0200, Anne van Kesteren <[EMAIL PROTECTED]> wrote:
CONNECT is also a security issue. The SHOULD-level requirement is about supporting arbitrary HTTP methods, not TRACE, CONNECT, and apparently TRACK, specifically. The open() algorithm allows user agents to throw a SECURITY_ERR exception for methods with security implications though it doesn't call the known ones out explicitly. It probably should.
It now calls out the insecure methods CONNECT, TRACE, and TRACK. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
