The following reply was made to PR config/495; it has been noted by GNATS. From: Steven Champeon <[EMAIL PROTECTED]> To: Dean Gaudet <[EMAIL PROTECTED]> Subject: Re: config/495: AddType application/x-javascript .js breaks SSIs in IncludesNOEXEC dirs Date: Mon, 28 Apr 1997 15:27:40 -0400
At 11:41 AM 4/28/97 -0700, Dean Gaudet graced us with: > The current behaviour sounds correct to me. Don't name your SSIs with a > .js... if you want them to be called something other than .html you could > try .htmlf (html fragment) and "AddType text/html htmlf". We open up lots > of potential problems by changing this. Normally, I use ".inc" for "INClude". That's what I had to go back to. I'm just sort of baffled as to why a file type without an appropriate handler is being rejected for inclusion by an SSI due to the *potential* for execution. I don't want to open up an asp. style hole in things, I just want to be able to name my file fragments so I can distinguish between them on disk. :) Besides, a file without a registered ext should default to whatever the deafult MIME type is set to, right? So I shouldn't have to AddType for some random file fragment. Let me make sure I have the order right. 1) check MIME type of "random.js" using mime.types or AddType configs 2) check server config 3) check per-dir config 4) reject due to potential for execution Where would a handler check go in this sequence? Steve -- Steven Champeon | Negative forces have value. http://www.hesketh.com/schampeo | - Henry Adams
