- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 08 Feb 2008 14:30:46 -0800
- To: Ian Hickson <ian@hixie.ch>, "WAF WG (public)" <public-appformats@w3.org>
So I had a couple of additional smaller inputs to this.

So first off, I'm not sure if the correct place to require directory-wide policies to be placed is "/foo/" or "/foo". Do both of these from a URI point of view represent the directory resource? I know servers redirect to "/foo/", but I think that's just to get relative URIs in the default resource for the directory to be resolved correctly.

The question here is, which URI refers to the directory, is it "/foo" or "/foo/". One argument for using "/foo/" is that servers by default might automatically always forward "/foo" to "/foo/", even for OPTIONS requests, which would be an unnecessary roundtrip.

It seems like the current spec uses "/foo/" just to be able to do substring matches. This seems like the wrong reason to make this decision.

Second, I don't think we should automatically be "fixing up" the directory URI by prepending and/or appending slashes if they aren't there. In all other cases we opt to fail if the required syntax is wrong, which seems like the safer thing when it comes to security. I think we should apply the same rule here.

/ Jonas
Received on Friday, 8 February 2008 22:31:15 UTC
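
The difference between rejecting and "fixing up" a directory policy path, as an added example that is not part of the original message or of the spec under discussion. The function names, the sample paths and the simple prefix-matching rule are assumptions made for illustration.

```javascript
// Added illustration; names and sample paths are constructed, not taken from the spec.

// Strict form: the policy path must already be written as "/foo/".
// Anything else is rejected rather than repaired (fail closed).
function parseDirectoryPolicyStrict(policyPath) {
  if (typeof policyPath !== "string") return null;
  if (!policyPath.startsWith("/") || !policyPath.endsWith("/")) return null;
  return policyPath;
}

// Lenient form: prepend and/or append a slash when it is missing ("fixing up").
function parseDirectoryPolicyLenient(policyPath) {
  let p = String(policyPath);
  if (!p.startsWith("/")) p = "/" + p;
  if (!p.endsWith("/")) p = p + "/";
  return p;
}

// Assumed matching rule: a policy covers a request whose path starts with it.
function covers(policyPath, requestPath) {
  return policyPath !== null && requestPath.startsWith(policyPath);
}

// For each raw policy value, list which constructed request paths end up covered.
function demo() {
  const requests = ["/foo/data.xml", "/foobar/private.xml", "/foo"];
  const rows = [];
  for (const raw of ["/foo/", "/foo", "foo", ""]) {
    const strict = parseDirectoryPolicyStrict(raw);
    const lenient = parseDirectoryPolicyLenient(raw);
    rows.push({
      raw, strict, lenient,
      strictCovers: requests.filter((r) => covers(strict, r)),
      lenientCovers: requests.filter((r) => covers(lenient, r)),
      // What a bare prefix match on the unmodified string would cover:
      // "/foo" also matches "/foobar/private.xml".
      rawPrefixCovers: requests.filter((r) => r.startsWith(raw)),
    });
  }
  return rows;
}

console.log(JSON.stringify(demo(), null, 2));
```

With the lenient parser an empty policy value becomes "/", which covers every path on the server, while the strict parser grants nothing for the same input.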