W3C home > Mailing lists > Public > public-appformats@w3.org > July 2007

Re: [ac] wildcard rules and subdomains

From: Thomas Roessler <tlr@w3.org>
Date: Fri, 6 Jul 2007 12:24:15 +0200
To: Jonas Sicking <jonas@sicking.cc>
Cc: Mark Nottingham <mnot@yahoo-inc.com>, "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <20070706102414.GC6561@raktajino.does-not-exist.org>

On 2007-07-05 15:16:34 -0700, Jonas Sicking wrote:

> This is not the case in our spec, if the author misses adding
> example.com to Content-Access-Control: deny <*.evil.com> very bad
> things can happen.

I guess that demonstrates why the deny tag isn't that good an idea
in the first place.

Thomas Roessler, W3C  <tlr@w3.org>
Received on Friday, 6 July 2007 10:24:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:56:19 UTC