- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 02 May 2007 18:00:16 -0700
- To: Anne van Kesteren <annevk@opera.com>
- CC: "WAF WG (public)" <public-appformats@w3.org>
Anne van Kesteren wrote: > > On Thu, 26 Apr 2007 22:37:47 +0200, Jonas Sicking <jonas@sicking.cc> wrote: >> I actually liked the idea of going through the clauses in the order >> they appear. It seems logical and easy for authors to follow that logic. >> >> However as I've been thinking about this I do think that "exclude" can >> be useful, at least for the processing instruction. One example I >> brought up was a server administrator inside a firewall wanting to >> block access to all files from servers outside the firewall. Such a >> header would likely look something like: >> >> deny <*> exclude <http://*.intranet.company.com> >> <https://*.intranet.company.com> >> >> This would then allow the page to explicitly define which sites would >> be able to access it, but would prevent the page from accidentally >> allow access from an external site. > > The use case for introducing this in the HTTP header is quite clear. > What's the reason for having it in the processing instruction? Yes, I agree, this is only needed by the HTTP header. > Also, you want this in addition to the current mechanism, right? See my latest proposal in my previous mail. Rather than having 'exclude' additions to both allow and deny, I think it'd be simpler to have a 'default' rule as well. This rule wouldn't need to exist for the PI, though it might be nice to have it just for consistency, I don't really feel strongly either way.
Received on Thursday, 3 May 2007 01:02:46 UTC