- From: Koen Holtman <koen@win.tue.nl>
- Date: Fri, 14 Feb 1997 19:25:30 +0100 (MET)
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, roeber@netscape.com
- Cc: Koen Holtman <koen@win.tue.nl>
Frederick G.M. Roeber recently told me about a problem in the
transparent content negotiation specification. In section 2.2, the
spec defines:
neighbor
Two resources are called neighbors if the absolute URI of the
first resource up to its last slash equals the absolute URI of
the second resource up to its last slash. The neighboring
relation is important because of security considerations; see
section 14.2.
The problem is an absolute URI may not have a slash in it at all, so the
definition does not work for every URI. The URN working group is planning
URIs like `urn:isbn:0-201-10174-2'.
Luckily, the solution is very simple. The neighbor definition is only
applied in the context of HTTP cache security, so every non-http
resource can be defined as a non-neighbor. I therefore propose the
following fix:
neighbor
Two resources are called neighbors if they both have a HTTP URL
and if the absolute URL of the first resource up to its last
slash equals the absolute URL of the second resource up to its
last slash. The neighboring relation is important because of
security considerations; see section 14.2.
Koen.
Received on Friday, 14 February 1997 10:38:07 UTC