Re: [AC] Access Control Algorithm

On Mon, 21 May 2007 12:58:05 +0200, Thomas Roessler <tlr@w3.org> wrote:
> On 2007-05-07 17:31:17 +0200, Anne van Kesteren wrote:
>> Yes, my proposal was to allow "deny <rules> exclude <rules>" in
>> addition on HTTP headers.
>
> Ugh.  That once again introduces an order dependency when evaluating
> the header, and makes things unnecessarily more fragile.

The latest editor draft tightly defines this. Instead of introducing an
order dependency it simply builds up two separate lists which are then
checked in order. (The deny list before the allow list.)


> (Also, you mentioned the effect on same-origin requests yourself,
> which might be rather unintuitive...)

This is always an issue. However, the draft clearly states everything only  
applies when the policy applies.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Monday, 21 May 2007 11:40:50 UTC
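
The two-list evaluation described in the message above, as an added example that is not code from the draft or from either poster. The rule syntax, hostname glob matching, the default of no access when nothing matches, and all function names are assumptions made for illustration.

```python
import random
from fnmatch import fnmatchcase

# Constructed sample rules in an assumed, simplified syntax:
#   <allow|deny> <host patterns...> [exclude <host patterns...>]
SAMPLE_RULES = [
    "allow *.example.org exclude *.public.example.org",
    "deny evil.example.org",
    "allow partner.example.net",
]

def parse_rule(rule):
    """Split one rule into (kind, include patterns, exclude patterns)."""
    kind, *rest = rule.lower().split()
    cut = rest.index("exclude") if "exclude" in rest else len(rest)
    include, exclude = rest[:cut], rest[cut + 1:]
    if kind not in ("allow", "deny") or not include:
        raise ValueError(f"malformed rule: {rule!r}")
    return kind, include, exclude

def build_lists(rules):
    """Accumulate every rule into its own list; arrival order is discarded."""
    lists = {"allow": [], "deny": []}
    for rule in rules:
        kind, include, exclude = parse_rule(rule)
        lists[kind].append((include, exclude))
    return lists["deny"], lists["allow"]

def in_list(host, entries):
    """True if host matches an entry's patterns and none of its excludes."""
    hit = lambda pats: any(fnmatchcase(host, p) for p in pats)
    return any(hit(inc) and not hit(exc) for inc, exc in entries)

def check_access(rules, host):
    """Deny list first, then allow list; no match means no access (assumed)."""
    deny, allow = build_lists(rules)
    host = host.lower()
    return not in_list(host, deny) and in_list(host, allow)

def order_independent(rules, hosts, trials=25, seed=7):
    """Shuffle the rules repeatedly and confirm every decision is unchanged."""
    rng = random.Random(seed)
    baseline = [check_access(rules, h) for h in hosts]
    for _ in range(trials):
        shuffled = list(rules)
        rng.shuffle(shuffled)
        if [check_access(shuffled, h) for h in hosts] != baseline:
            return False
    return True
```

Because a deny match always wins, `evil.example.org` is refused even though an allow rule for `*.example.org` also matches it, whichever rule arrives first.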