Anne van Kesteren wrote:
On Thu, 26 Apr 2007 22:37:47 +0200, Jonas Sicking <[EMAIL PROTECTED]> wrote:
I actually liked the idea of going through the clauses in the order
they appear. It seems logical and easy for authors to follow that logic.
However as I've been thinking about this I do think that "exclude" can
be useful, at least for the processing instruction. One example I
brought up was a server administrator inside a firewall wanting to
block access to all files from servers outside the firewall. Such a
header would likely look something like:
deny <*> exclude <http://*.intranet.company.com>
<https://*.intranet.company.com>
This would then allow the page to explicitly define which sites would
be able to access it, but would prevent the page from accidentally
allow access from an external site.
The use case for introducing this in the HTTP header is quite clear.
What's the reason for having it in the processing instruction?
Yes, I agree, this is only needed by the HTTP header.
Also, you want this in addition to the current mechanism, right?
See my latest proposal in my previous mail. Rather than having 'exclude'
additions to both allow and deny, I think it'd be simpler to have a
'default' rule as well. This rule wouldn't need to exist for the PI,
though it might be nice to have it just for consistency, I don't really
feel strongly either way.
