W3C home > Mailing lists > Public > public-appformats@w3.org > July 2007

Re: [ac] wildcard rules and subdomains

From: Jonas Sicking <jonas@sicking.cc>
Date: Fri, 06 Jul 2007 10:23:10 -0700
Message-ID: <468E7A7E.20506@sicking.cc>
To: Jonas Sicking <jonas@sicking.cc>, Mark Nottingham <mnot@yahoo-inc.com>, "WAF WG (public)" <public-appformats@w3.org>

Thomas Roessler wrote:
> On 2007-07-05 15:16:34 -0700, Jonas Sicking wrote:
> 
>> This is not the case in our spec, if the author misses adding
>> example.com to Content-Access-Control: deny <*.evil.com> very bad
>> things can happen.
> 
> I guess that demonstrates why the deny tag isn't that good an idea
> in the first place.

sigh, keeping saying that without coming up with an alternative seems 
very unproductive.

/ Jonas
Received on Friday, 6 July 2007 17:23:18 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:50:07 UTC