[p3t] x-www-form-urlencoded prohibition
Paul Harrison
paul.harrison at manchester.ac.uk
Thu May 23 13:05:18 CEST 2024
> On 23 May 2024, at 08:16, Joshua Fraustro via p3t <p3t at ivoa.net> wrote:
>
> I will note generally to this discussion, that the goal of the tiger team was not simply to provide an OpenAPI spec for IVOA services, but also take the opportunity to examine the way we invoke these services, their behaviors, and whether those are consistent with modern HTTP service development practices. The lines we're discussing in my slides, are examples of this kind of examination.
I get that, and I was mainly pointing out that security is not a direct driver for removing x-www-form-urlencoded. However, removing x-www-form-urlencoded is basically like saying that we are moving from a regime that the client side of the protocols has to be implemented in Javascript rather than HTML in browsers. I am generally in favour of limiting options and perhaps that is what we do want to do, but it is quite a big step.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ivoa.net/pipermail/p3t/attachments/20240523/a5a4fc6c/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2893 bytes
Desc: not available
URL: <http://mail.ivoa.net/pipermail/p3t/attachments/20240523/a5a4fc6c/attachment.p7s>
More information about the p3t
mailing list