ISSUE-25: IIS and Access-Control-Policy-Path [Access Control] http://www.w3.org/2005/06/tracker/waf/issues/
Raised by: Anne van Kesteren On product: Access Control IIS servers have an issue in that resources can be addressed by several distinct URIs as explained in this e-mail: http://lists.w3.org/Archives/Public/public-appformats/2008May/0039.html This impacts the design of Access-Control-Policy-Path to some extent. Two proposals have been put forward by members of the WG to address this issue: A. If a URI (also one given during redirects, etc.) contains the "\.." sequence (or the escaped form) apply the generic network error steps. B. Warn against using the Access-Control-Policy-Path feature in servers that exhibit this behavior.
