On Wed, 30 Jan 2008 21:41:04 +0100, Thomas Roessler <[EMAIL PROTECTED]> wrote:
I'd suggest to say this instead:
It should not be possible to perform cross-site non-safe
operations [RFC 2616], i.e., HTTP operations except for GET, HEAD,
and OPTIONS, without an authorization check being performed.
I'm no longer suggesting that we include a reference to UPNP in this
part.
Also, please use an ordered list for the sub-requirements to
requirement 1, as discussed just now in the call.
Presumably, this takes care of ACTION-160 on Art as well. ;)
Fixed thanks. (Though please check.)
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
