On Jan 5, 2008, at 11:24, Bjoern Hoehrmann wrote:

> The only problem that has been
> mentioned so far is that scripts running under Apache's mod_cgi up  
> until
> October 2005 are not invoked on OPTIONS requests. Scripts usually do  
> not
> run under mod_cgi for usability, performance, and security reasons,  
> they
> run under specialized modules like mod_php. Ian's server has since  
> been
> upgraded to an Apache version that does not have this problem, and  
> so'll
> be many other servers by the time implementations are deployed.

Hixie also said that having mod_dav loaded still makes Apache not  
expose OPTIONS to other modules.

> The question you are asking with an access check request is "What  
> methods
> may I use for this URL" while the processing instruction is meant to
> control "Who may I share these bytes with".

I agree that these are distinct questions. Moreover, I think the XML  
PI approach makes sense for the latter case but not the former case.

Henri Sivonen

Received on Saturday, 5 January 2008 11:10:13 UTC