- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 14 Jun 2007 10:42:41 +0200
- To: "Jonas Sicking" <jonas@sicking.cc>, "WAF WG (public)" <public-appformats@w3.org>
On Wed, 13 Jun 2007 21:54:56 +0200, Jonas Sicking <jonas@sicking.cc> wrote: > Anne van Kesteren wrote: >>> I also thought of a pretty important use-case that requires "deny" in >>> the PIs. If the server sets an allow header, but you want to put a file >>> on that server that you *don't* want people from other servers to have >>> access to, you need to be able to specify that directly in the file. It >>> is not enough to simply not put any AC PIs in the file since then the >>> servers 'accept' will be used. >> You could use >> <?access-control allow="*" exclude="*"?> >> However, I added <?access-control deny=...?> for now. > > From my reading of the spec that would simply do nothing. It wouldn't > stop another AC rule from granting access, such as one living in the > headers. Isn't that the case? It is. I was being silly. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Thursday, 14 June 2007 08:43:03 UTC