ISSUE-12
access-control-policy-path
IIS and Access-Control-Policy-Path
- State:
- CLOSED
- Product:
- CORS
- Raised by:
- Anne van Kesteren
- Opened on:
- 2008-06-23
- Description:
[[ This issue was created on 2008-06-06 as Issue #25 in the Web Applications Formats (WAF) WG and is copied in totality to the Web Applications WG's Issues database: <http://www.w3.org/2005/06/tracker/waf/issues/25> ]] IIS servers have an issue in that resources can be addressed by several distinct URIs as explained in this e-mail: http://lists.w3.org/Archives/Public/public-appformats/2008May/0039.html This impacts the design of Access-Control-Policy-Path to some extent. Two proposals have been put forward by members of the WG to address this issue: A. If a URI (also one given during redirects, etc.) contains the "\.." sequence (or the escaped form) apply the generic network error steps. B. Warn against using the Access-Control-Policy-Path feature in servers that exhibit this behavior.
- Related Actions Items:
- No related actions
- Related emails:
- Re: [cors] Review (from mnot@mnot.net on 2009-06-16)
- Re: [cors] Review (from annevk@opera.com on 2009-06-15)
- [access-control] Proposal to Close Issue#12 - IIS and Access-Control-Policy-Path (from art.barstow@nokia.com on 2008-10-09)
- [access-control] Issue list (from annevk@opera.com on 2008-07-08)
- Re: ISSUE-12 (access-control-policy-path): IIS and Access-Control-Policy-Path [Access Control] (from jonas@sicking.cc on 2008-06-23)
- ISSUE-12 (access-control-policy-path): IIS and Access-Control-Policy-Path [Access Control] (from sysbot+tracker@w3.org on 2008-06-23)
Related notes:
2008-10-21 16:04:04: Closed. See: http://lists.w3.org/Archives/Public/public-webapps/2008OctDec/0074.html [Arthur Barstow]
Display change log
