On Fri, 14 Dec 2007 19:29:10 +0100, Jonas Sicking <[EMAIL PROTECTED]> wrote:
Actually, once we're supporting cross site GET requests, I think we there should definitely mention that the entity body of GET (and probably HEAD) requests are dropped. Otherwise there is some risk that there are servers out there that will do dangerous things when receiving GET requests with an entity body, such as treat it as a POST.
I have not done it for HEAD because that requires an authorization request first.
-- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
