Open
Bug 1052423
Opened 10 years ago
Updated 2 years ago
Prevent XMLHttpRequests with methods except for GET, HEAD or OPTIONS in prerendered documents
Categories
(Core :: DOM: Core & HTML, defect, P5)
Tracking
()
NEW
People
(Reporter: ehsan.akhgari, Unassigned)
References
(Blocks 1 open bug)
Details
POST specifically would be super dangerous...
|
||
Comment 1•10 years ago
|
||
Why in the world should we do this to POST?
(1) There's been no mention of this that I'm aware of in the whatwg mailing lists.
(2) Are you thinking this should be for content-only, or are you thinking of whacking privileged code support for this as well?
(3) Is it because multipart/form-data is hard to get right? That might be an issue for file uploads (which is a whole different story) or large fields of data, but x-www-form-urlencoded works fine most of the time.
(4) XHR POST has been there from the very beginning; it's why XHR.send() takes an argument, for the body of the request. This would be a major change away from the standard.
|
Reporter | |
Comment 2•10 years ago
|
||
(In reply to Alex Vincent [:WeirdAl] from comment #1)
> Why in the world should we do this to POST?
Sorry incomplete bug title.
Summary: Prevent XMLHttpRequests with methods except for GET, HEAD or OPTIONS → Prevent XMLHttpRequests with methods except for GET, HEAD or OPTIONS in prerendered documents
|
||
Comment 3•6 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046
Move all DOM bugs that haven't been updated in more than 3 years and has no one currently assigned to P5.
If you have questions, please contact :mdaly.
Priority: -- → P5
|
Assignee | |
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•