- From: Anne van Kesteren <annevk@opera.com>
- Date: Sun, 10 Feb 2008 13:05:28 +0100
- To: "Ian Hickson" <ian@hixie.ch>
- Cc: "WAF WG (public)" <public-appformats@w3.org>
On Sun, 10 Feb 2008 00:01:47 +0100, Ian Hickson <ian@hixie.ch> wrote: > On Sat, 9 Feb 2008, Anne van Kesteren wrote: >> The current specification does not prepend a slash. It requires the URI >> to match the abs_path production from RFC 2616. It does append a slash >> for comparison purposes. I explained this in the other e-mail. > > The spec is somewhat unclear about this. In particular: > > * I can't find where it says what to do if the Policy-Path isn't an > abs_path. If ...-Policy-Path can't be parsed the generic network error steps are applied. For instance, this would happen if it contains the value #PING ;-) > * I can't find where it says what to do if the Policy-Path on the > original OPTIONS request is the same as the original request URI. Fixed. > * "If policy URI with an additional trailing slash, if not present," > doesn't really make sense to me. How can an _additional_ trailing > slash ever be present? You can always add more slashes... I > recommend simply being more explicit and tedious in the explanation. It's a lot more explicit now. > Later it says "The Access-Control-Origin header is set, obviously". I > don't think there's anything obvious about it. :-) In the section that defines "cross-site access requests" this is made quite clear (end of 5.1). Is that not sufficient? -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Sunday, 10 February 2008 12:01:33 UTC