W3C home > Mailing lists > Public > public-appformats@w3.org > June 2007

Re: [access-control] update from the editor

From: Jonas Sicking <jonas@sicking.cc>
Date: Wed, 13 Jun 2007 12:54:56 -0700
Message-ID: <46704B90.2020106@sicking.cc>
To: Anne van Kesteren <annevk@opera.com>, "WAF WG (public)" <public-appformats@w3.org>

Anne van Kesteren wrote:
>> I also thought of a pretty important use-case that requires "deny" in
>> the PIs. If the server sets an allow header, but you want to put a file
>> on that server that you *don't* want people from other servers to have
>> access to, you need to be able to specify that directly in the file. It
>> is not enough to simply not put any AC PIs in the file since then the
>> servers 'accept' will be used.
> 
> You could use
> 
>   <?access-control allow="*" exclude="*"?>
> 
> However, I added <?access-control deny=...?> for now.

 From my reading of the spec that would simply do nothing. It wouldn't 
stop another AC rule from granting access, such as one living in the 
headers. Isn't that the case?

/ Jonas
Received on Wednesday, 13 June 2007 19:56:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:22 GMT