couchdb-dev mailing list archives

From Florian Weimer
Subject Re: Futon cannot use the RESTful HTTP API
Date Fri, 19 Feb 2010 20:45:17 GMT
* J. Chris Anderson:

> Because of the sensitive nature of security issues we've been
> discussing this on the security list.

Uhm, it's not really sensitive, given that authentication is such a
recent feature.

> You've mentioned a couple of times that XHR can make cross-domain
> post requests. I'm not sure this is the case (I know you can do
> cross domain form posts).

It's true for some WebKit-derived browsers (but I haven't checked the
major implementations, Safari and Chrome).

Firefox can also submit almost arbitrary POST data (certainly valid
JSON syntax) using a form with enctype="text/plain", and the HttpOnly
cookie is passed along.

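A defender's view of the form-based request described in the message above, as an added example that is not part of the original post and is not CouchDB's code: a server-side check that refuses state-changing requests whose content type an HTML form can produce, and that checks the `Origin` header when the browser sends one. The `checkWrite` helper, the request shape and the origin values are assumptions made for illustration.

```javascript
// Added example: hypothetical helper, not taken from CouchDB.
// Content types an HTML form can send with no script involved.
const FORM_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);
const STATE_CHANGING = new Set(["POST", "PUT", "DELETE"]);

// Strip parameters such as "; charset=UTF-8" and normalise case.
function mediaType(headerValue) {
  return String(headerValue || "").split(";")[0].trim().toLowerCase();
}

// req: { method, headers } with lower-cased header names (assumed shape).
// trustedOrigins: Set of origins allowed to drive the API.
function checkWrite(req, trustedOrigins) {
  if (!STATE_CHANGING.has(req.method.toUpperCase())) {
    return { allow: true, reason: "safe method" };
  }
  // The body parsing as JSON proves nothing: judge the declared type instead.
  const type = mediaType(req.headers["content-type"]);
  if (FORM_TYPES.has(type)) {
    return { allow: false, reason: "form-submittable content type: " + type };
  }
  if (type !== "application/json") {
    return { allow: false, reason: "content type is not application/json" };
  }
  // Assumption: a missing Origin means a non-browser client and is allowed.
  const origin = req.headers["origin"];
  if (origin !== undefined && !trustedOrigins.has(origin)) {
    return { allow: false, reason: "untrusted origin: " + origin };
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample requests; hosts and origins are placeholders.
const TRUSTED = new Set(["http://localhost:5984"]);
const SAMPLES = [
  { method: "POST", headers: { "content-type": "text/plain", origin: "https://other.example" } },
  { method: "POST", headers: { "content-type": "application/json; charset=UTF-8", origin: "http://localhost:5984" } },
  { method: "POST", headers: { "content-type": "application/json", origin: "https://other.example" } },
  { method: "GET", headers: {} },
  { method: "PUT", headers: { "content-type": "application/json" } },
];
for (const s of SAMPLES) {
  console.log(s.method, JSON.stringify(checkWrite(s, TRUSTED)));
}
```
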