[OpenAjaxSecurity] Revisions to W3C Access Control
Emmanouil Batsis (Manos)
manos at abiss.gr
Wed Jan 2 09:55:53 PST 2008
Jon Ferraiolo wrote:
> Good question. I'm not sure, but I remember discussion on the WAF public
> list where someone asked why they didn't use OPTIONS instead of GET and
> the answer was that not many server technologies support HEAD.
This must be a misunderstanding of sorts, I can't think of *one* HTTP
server app with no HEAD support. Even if this applies to a small
percentage, HEAD is the preferred method for the use case described
IMHO. In case HEAD returns a 501 (Not Implemented) then I guess a
"fallback" to GET would be appropriate.
Cheers,
Manos
--
Manos Batsis, Chief Technologist
5, Daphnidos Street,
14122, Neo Iraklio,
Athens, Greece
Tel: +30 210 2851517
Mob: +30 694 8376942
http://dev.abiss.gr
"BSD code is free code to be used in software. GPL code is code to be
used in free software." Kjella (173770), Slashdot