Re: Proposal for ... POST when dealing with large numbers of URIs

Anne van Kesteren wrote:
> On Wed, 06 Feb 2008 12:08:15 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
>> Note that this isn't a problem with 'deny' rules. The exact same 
>> problem is there if OPTIONS requests to /dir/B doesn't return any AC 
>> headers at all. Just wanted the example to be more specific.
> 
> I don't quite get the concern. Under what circumstances can author A 
> control /dir/ and /dir/A and not /dir/B? Could you elaborate some more 
> on the specific details?

So keeping with the two concerns I had in my initial mail:

1 is showing that we're introducing ordering issues given a certain 
configuration. Just the sheer fact that ordering issues can arise is IMO 
bad and is likely to occationally lead to servers with the wrong setup.

It definitely makes checking what policy is applying to a resource much 
more complicated as you have to look at the headers both for the 
resource itself, and for all its parent directories. Even if the 
resource doesn't include a Access-Control-Policy-Path header. This makes 
us much worse at complying with requirement 13.

Regarding 2, I'm not really sure if such scenarios are common, no.

/ Jonas

Received on Wednesday, 6 February 2008 19:45:05 UTC