Re: [AC] Access Control Algorithm

Anne van Kesteren wrote:
> On Thu, 03 May 2007 03:00:16 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
>>> Also, you want this in addition to the current mechanism, right?
>>
>> See my latest proposal in my previous mail. Rather than having 
>> 'exclude' additions to both allow and deny, I think it'd be simpler to 
>> have a 'default' rule as well. This rule wouldn't need to exist for 
>> the PI, though it might be nice to have it just for consistency, I 
>> don't really feel strongly either way.
> 
> I missed that. The current mechanism is actually defined in such a way 
> that order is not important. I'm not sure what the effect of changing 
> that would be.

I know, but I propose we change that since I think it is hard to easily 
see what results the current algorithm produces, as you described in the 
initial mail in this thread.

> Also, you still need to have allow and exclude for the 
> processing instruction so supporting the same logic for the HTTP header 
> makes more sense to me. Basically:
> 
>    rule ::= type (pattern)+ ("exclude" (pattern)+)?
>    type ::= allow | deny

My proposal was that we have "allow", "deny" and "default" for the HTTP 
header and "allow" and "deny" for the PIs. The logic would be exactly 
the same between them. We could even have "allow", "deny" and "default" 
for the PIs and let the processing be exactly the same; the effect would 
be that for PIs "deny" and "default" would have the same effect.

/ Jonas

Received on Thursday, 3 May 2007 11:24:05 UTC