On 22.09.2010 20:05, Jonas Sicking wrote:
...
For what it's worth, I think "simple" is meant as "Must be handled by
servers today as HTML implementations can already send this request
cross site". Not as the HTTP definition of "must/should not have side
effects".
...
Yes. That's why I think it needs just rephrasing.
That said, I don't feel strongly either way of if PROPFIND should be
preflighted or not. But we would definitely have to ask "are you sure
that servers follow the spec and don't have side effects". I'll note
that it's well known that GET requests often have side effects despite
http saying they shouldn't.
Understood.
For GET I'm tempted to say: anybody who still hasn't learned about it
deserves breakage.
For PROPFIND (and other methods defined to be "safe"): it really doesn't
make sense to do a preflight OPTIONS for PROPFIND. Both are defined to
be safe. Both could have broken server implementations.
Best regards, Julian
