ISSUE-12: IIS and Access-Control-Policy-Path
access-control-policy-path
IIS and Access-Control-Policy-Path
- State:
- CLOSED
- Product:
- HISTORICAL: CORS [this spec uses Bugzilla for Bug/Issue tracking http://tinyurl.com/Bugz-CORS]
- Raised by:
- Anne van Kesteren
- Opened on:
- 2008-06-23
- Description:
- [[ This issue was created on 2008-06-06 as Issue #25 in the Web Applications Formats (WAF) WG and is copied in totality to the Web Applications WG's Issues database:
<http://www.w3.org/2005/06/tracker/waf/issues/25> ]]
IIS servers have an issue in that resources can be addressed by several distinct URIs as explained in this e-mail:
http://lists.w3.org/Archives/Public/public-appformats/2008May/0039.html
This impacts the design of Access-Control-Policy-Path to some extent. Two proposals have been put forward by members of the WG to address this issue:
A. If a URI (also one given during redirects, etc.) contains the "\.." sequence (or the escaped form) apply the generic network error steps.
B. Warn against using the Access-Control-Policy-Path feature in servers that exhibit this behavior.
- Related Actions Items:
- No related actions
- Related emails:
- Re: [cors] Review (from mnot@mnot.net on 2009-06-16)
- Re: [cors] Review (from annevk@opera.com on 2009-06-15)
- [access-control] Proposal to Close Issue#12 - IIS and Access-Control-Policy-Path (from art.barstow@nokia.com on 2008-10-09)
- [access-control] Issue list (from annevk@opera.com on 2008-07-08)
- Re: ISSUE-12 (access-control-policy-path): IIS and Access-Control-Policy-Path [Access Control] (from jonas@sicking.cc on 2008-06-23)
- ISSUE-12 (access-control-policy-path): IIS and Access-Control-Policy-Path [Access Control] (from sysbot+tracker@w3.org on 2008-06-23)
Related notes:
Closed. See: http://lists.w3.org/Archives/Public/public-webapps/2008OctDec/0074.html
Arthur Barstow, 21 Oct 2008, 16:04:04Display change log