Jonas Sicking wrote:
Disagreed. Please do not try to standardize HTTP APIs that profile
what HTTP allows.
XHR already disallows a lot of things that HTTP allows. Setting certain
headers, cross site requests, etc. Why is this different?
XHR should only disallow things when there's a good reason to do so,
that is, when the fact that XHR requests can be invoked by client-side
script in HTML pages affects the security picture.
I don't see what that would have to do with GET bodies.
Besides that, Björn already reported that both IE7 and FF happily pass
the body, as they should (IMHO).
My reading of Björns email was that they did not drop it for HEAD,
OPTIONS and EXAMPLE did not drop the entity body. In my testing IE,
Firefox and Opera all dropped the entity body of GET requests.
OK. If an implementation behaves differently for GET and HEAD - *except*
for handling the response body - this is very clearly a bug, as stated
by Björn. Do you want to wire that bug into XHR?
So if for no other reason, interoperability seems like a good argument
for stating that this should be done.
Again disagreed. Interoperability may be a good argument for warning
people about a certain feature, not requiring everybody not to support it.
BR, Julian
