On Wed, 7 Jun 2006, Mark Nottingham wrote: > > Blindly standardising what one vendor does doesn't make sense; do you > know *why* they consider it a security feature? > > The reputed security problems with various HTTP methods have been > brought up many times, but I have yet to see an explanation of how they > actually cause a security issue greater than supporting POST does.
Beyond curiosity, does it matter why? There's no point us publishing a spec that contradicts Microsoft's implementation if Microsoft's implementation is not going to change (which it isn't, if the reason for it being the way it is is Security). -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
