- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 22 May 2008 10:48:06 +0200
- To: "Bjoern Hoehrmann" <derhoermi@gmx.net>, "Jonas Sicking" <jonas@sicking.cc>
- Cc: "WAF WG (public)" <public-appformats@w3.org>
On Fri, 16 May 2008 18:44:43 +0200, Bjoern Hoehrmann <derhoermi@gmx.net> wrote: > I didn't follow the introduction of this feature, and couldn't find > much information that demonstrates how a feature like it is needed or > would pay off, but if introduced, the scope should always be the whole > triple of scheme, host, and port, not individual paths. As you note, > the effect will often be the same either way. The feature avoids the overhead you get when you need to issue 10 POST requests to 10 distinct URIs on the same server scoped to some path. Without Acess-Control-Policy-Path that requires 20 requests. With Access-Control-Policy-Path it requires 12. So for the N requests you want to make it roughly safes you of N additional requests for larger values of N. Ian was one of the persons who proposed this feature and he doesn't think it's worthwhile to have it if it's scoped to the entire triple (just allowing the / value for instance). I'm in a bit of a dilemma as there were a lot of requests for a feature like this. Should we either recommend that authors not use this on servers where the path part of the URI doesn't necessarily match the phyisical location on the disk, as is the case on IIS servers and specifically configured Apache servers for instance, should we drop the feature for now, or should we keep the feature but rename it and restrict it to /? -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Thursday, 22 May 2008 08:48:50 UTC