On Dec 9, 2008, at 10:45 AM, Chris Darroch wrote:
This is all fairly simple, I think, especially if
MatchNotAny/RequireNone is removed as well so that Require retains
its
apparent meaning everywhere. See if the patch below meets your
expectations; if so, I'll commit it and update the
Roy T. Fielding wrote:
I don't see a problem with RequireNone inverting the logic, and
I think it would actually be useful for blocking a set of bad
clients. Is it difficult to include that without MatchNotAny?
Not at all difficult; trivial, in fact. The only reason I took
it out as well
I am a little frustrated by the changes to authorization since 2.2.
I don't understand why they were needed in the first place, nor why
we need two different but equally incomprehensible ways to configure
the same things.
I totally understand the desire to make the implementation more
modular
Roy T. Fielding wrote:
I totally understand the desire to make the implementation more
modular and to make a more sensible Satisfy logic, but I don't
understand the need for Match (as opposed to just extending Require)
and the odd changes in defaults (multiple Require defaults to
MatchAny
Hi --
This is all fairly simple, I think, especially if
MatchNotAny/RequireNone is removed as well so that Require retains its
apparent meaning everywhere. See if the patch below meets your
expectations; if so, I'll commit it and update the docs.
Sorry, here's a slightly updated one