W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

RE: [access-control] Update

From: Sunava Dutta <sunavad@windows.microsoft.com>
Date: Wed, 9 Jul 2008 15:24:52 -0700
To: Anne van Kesteren <annevk@opera.com>, Jonas Sicking <jonas@sicking.cc>
CC: WebApps WG <public-webapps@w3.org>
Message-ID: <083D18C6B9B71F4CBCA7B76D97B748310C813A49D2@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com>
> > I prefer
> > Access-control: *
> > Access-control: <URL>
>
> I suppose it would be slightly shorter, but it's also less clear.

Why is it less clear? Seems explicit to me.

> > Access-control: -<URL>
>
> What is the use case for this?

I suggested this as equivalent to Jonas recommendation..." "Access-Control" ":" "deny" "<" URL ">""
(Jonas had it at allow)

" I'd like to keep the simple check simple and stable over time. New features can be added through headers, as we're doing with credentials, headers, and methods"

I think this proposal is simple. It has the benefits of what I think Jonas meant when he said he would prefer the latter one as it allows for future expansions.

Having Access-control as opposed to Access-Control-Allow-Origin enables the header to be flexible.




> -----Original Message-----
> From: Anne van Kesteren [mailto:annevk@opera.com]
> Sent: Wednesday, July 09, 2008 3:18 PM
> To: Sunava Dutta; Jonas Sicking
> Cc: WebApps WG
> Subject: Re: [access-control] Update
>
> On Wed, 09 Jul 2008 23:54:17 +0200, Sunava Dutta
> <sunavad@windows.microsoft.com> wrote:
> > I prefer
> > Access-control: *
> > Access-control: <URL>
>
> I suppose it would be slightly shorter, but it's also less clear.
>
>
> > In the future, denying a particular URL can be represented using the
> "-"
> > sign?
> > Access-control: -<URL>
>
> What is the use case for this?
>
>
> I'd like to keep the simple check simple and stable over time. New
> features can be added through headers, as we're doing with credentials,
> headers, and methods.
>
>
> --
> Anne van Kesteren
> <http://annevankesteren.nl/>
> <http://www.opera.com/>

Received on Wednesday, 9 July 2008 22:25:51 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:27 GMT