- From: Sunava Dutta <sunavad@windows.microsoft.com>
- Date: Wed, 9 Jul 2008 15:24:52 -0700
- To: Anne van Kesteren <annevk@opera.com>, Jonas Sicking <jonas@sicking.cc>
- CC: WebApps WG <public-webapps@w3.org>
> > I prefer > > Access-control: * > > Access-control: <URL> > > I suppose it would be slightly shorter, but it's also less clear. Why is it less clear? Seems explicit to me. > > Access-control: -<URL> > > What is the use case for this? I suggested this as equivalent to Jonas recommendation..." "Access-Control" ":" "deny" "<" URL ">"" (Jonas had it at allow) " I'd like to keep the simple check simple and stable over time. New features can be added through headers, as we're doing with credentials, headers, and methods" I think this proposal is simple. It has the benefits of what I think Jonas meant when he said he would prefer the latter one as it allows for future expansions. Having Access-control as opposed to Access-Control-Allow-Origin enables the header to be flexible. > -----Original Message----- > From: Anne van Kesteren [mailto:annevk@opera.com] > Sent: Wednesday, July 09, 2008 3:18 PM > To: Sunava Dutta; Jonas Sicking > Cc: WebApps WG > Subject: Re: [access-control] Update > > On Wed, 09 Jul 2008 23:54:17 +0200, Sunava Dutta > <sunavad@windows.microsoft.com> wrote: > > I prefer > > Access-control: * > > Access-control: <URL> > > I suppose it would be slightly shorter, but it's also less clear. > > > > In the future, denying a particular URL can be represented using the > "-" > > sign? > > Access-control: -<URL> > > What is the use case for this? > > > I'd like to keep the simple check simple and stable over time. New > features can be added through headers, as we're doing with credentials, > headers, and methods. > > > -- > Anne van Kesteren > <http://annevankesteren.nl/> > <http://www.opera.com/>
Received on Wednesday, 9 July 2008 22:25:51 UTC