ISSUE-25: IIS and Access-Control-Policy-Path [Access Control] from Web Application Formats Working Group Issue Tracker on 2008-06-06 (public-appformats@w3.org from June 2008)

From: Web Application Formats Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Fri, 6 Jun 2008 12:17:18 +0000 (GMT)
To: public-appformats@w3.org
Message-Id: <20080606121718.BDB6B6B62B@tibor.w3.org>

ISSUE-25: IIS and Access-Control-Policy-Path [Access Control]

http://www.w3.org/2005/06/tracker/waf/issues/

Raised by: Anne van Kesteren
On product: Access Control

IIS servers have an issue in that resources can be addressed by several distinct URIs as explained in this e-mail:

http://lists.w3.org/Archives/Public/public-appformats/2008May/0039.html

This impacts the design of Access-Control-Policy-Path to some extent. Two proposals have been put forward by members of the WG to address this issue:

A. If a URI (also one given during redirects, etc.) contains the "\.." sequence (or the escaped form) apply the generic network error steps.

B. Warn against using the Access-Control-Policy-Path feature in servers that exhibit this behavior.

Received on Friday, 6 June 2008 12:19:06 UTC