6 Jun 2008 14:17
ISSUE-25: IIS and Access-Control-Policy-Path [Access Control]
Web Application Formats Working Group Issue Tracker <sysbot+tracker <at> w3.org>
2008-06-06 12:17:18 GMT
2008-06-06 12:17:18 GMT
ISSUE-25: IIS and Access-Control-Policy-Path [Access Control] http://www.w3.org/2005/06/tracker/waf/issues/ Raised by: Anne van Kesteren On product: Access Control IIS servers have an issue in that resources can be addressed by several distinct URIs as explained in this e-mail: http://lists.w3.org/Archives/Public/public-appformats/2008May/0039.html This impacts the design of Access-Control-Policy-Path to some extent. Two proposals have been put forward by members of the WG to address this issue: A. If a URI (also one given during redirects, etc.) contains the "\.." sequence (or the escaped form) apply the generic network error steps. B. Warn against using the Access-Control-Policy-Path feature in servers that exhibit this behavior.
RSS Feed