ISSUE-73: Opting into methods/headers
- State: CLOSED
- Product: HISTORICAL: CORS [this spec uses Bugzilla for Bug/Issue tracking http://tinyurl.com/Bugz-CORS]
- Raised by: Anne van Kesteren
- Opened on: 2008-06-06
- Description: The current Access Control model allows all methods to be used and all headers (apart from a blacklist and some headers require a preflight request in case of GET).
There is a proposal to only allow methods and headers the server has opted into:
[AC] Helping server admins not making mistakes
<http://lists.w3.org/Archives/Public/public-appformats/2008May/0034.html>
This would make the server more secure by default when opting into Access Control.
The drawback is again that it makes the model more complicated and more prone to bugs.
- Related Actions Items: No related actions
- Related emails: Re: Call for Exclusions: DOM Parsing and Serialization (from art.barstow@nokia.com on 2013-12-10)
Related notes:
Moved to Issue #14 in the Web Application WG's Issues database:
<http://www.w3.org/2008/webapps/track/issues/14>