On Thu, 07 Feb 2008 18:15:55 +0100, Close, Tyler J. <[EMAIL PROTECTED]> wrote:
Sure, and there are even cases of sites that can safely process cross-domain non-GET requests. This WG is trying to create a new way to do this, but the handling of accountability is... unclear.
It's really up to the server to decide on that. Part of the reason the server has to opt-in.
Is the user or the Referer-Root site accountable for a cross-domain non-GET request? Does the proposed protocol make it possible for the site hosting the resource to correctly determine the answer to that question?
Does http://lists.w3.org/Archives/Public/public-appformats/2008Feb/0077.html help?
-- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
