I'm not really happy about re-implementing basic Features of HTML via JS,

just cause of a limited processing (and thats what this return if... is)

And as you know, Each method could be faked and just limiting on POST is just like

putting a sign in front of fort knox sayin "There is no gold, bye".

Sure, if there is a better solution to only on GET and POST methods it would be great to implement

its for accessing GET-Params ;) which wont work otherwise,

I used this for the section-switcher in the updxlrtr.

Kind regards,

Ingo Weigert

2013/4/25 Michael Tremer <michael.tremer@ipfire.org>

Hey,

I think the original intention to filter for POST requests is to prevent
cross-site scripting issues. However, it is not a huge problem to create
a POST request with JS.

I am still not convinced that we should remove this line. It makes XSS
attacks more easy and therefore more dangerous.

For what exactly is this modification required?

-Michael

On Wed, 2013-04-24 at 18:22 +0200, Jörn-Ingo Weigert wrote:
> This add GET-Parameters for xlrtrsettings in header.pl
>
>
> http://git.ipfire.org/?p=people/jiweigert/ipfire-2.x.git;a=commit;h=b836edd0511e2cfc807292ff84322e71aa2dd7ec
>
> _______________________________________________
> Development mailing list
> Development@lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development