- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 13 Jun 2007 12:54:56 -0700
- To: Anne van Kesteren <annevk@opera.com>, "WAF WG (public)" <public-appformats@w3.org>
Anne van Kesteren wrote: >> I also thought of a pretty important use-case that requires "deny" in >> the PIs. If the server sets an allow header, but you want to put a file >> on that server that you *don't* want people from other servers to have >> access to, you need to be able to specify that directly in the file. It >> is not enough to simply not put any AC PIs in the file since then the >> servers 'accept' will be used. > > You could use > > <?access-control allow="*" exclude="*"?> > > However, I added <?access-control deny=...?> for now. From my reading of the spec that would simply do nothing. It wouldn't stop another AC rule from granting access, such as one living in the headers. Isn't that the case? / Jonas
Received on Wednesday, 13 June 2007 19:56:20 UTC