On Sun, 10 Feb 2008 00:01:47 +0100, Ian Hickson <[EMAIL PROTECTED]> wrote:
On Sat, 9 Feb 2008, Anne van Kesteren wrote:
The current specification does not prepend a slash. It requires the URI
to match the abs_path production from RFC 2616. It does append a slash
for comparison purposes. I explained this in the other e-mail.
The spec is somewhat unclear about this. In particular:
* I can't find where it says what to do if the Policy-Path isn't an
abs_path.
If ...-Policy-Path can't be parsed the generic network error steps are
applied. For instance, this would happen if it contains the value #PING ;-)
* I can't find where it says what to do if the Policy-Path on the
original OPTIONS request is the same as the original request URI.
Fixed.
* "If policy URI with an additional trailing slash, if not present,"
doesn't really make sense to me. How can an _additional_ trailing
slash ever be present? You can always add more slashes... I
recommend simply being more explicit and tedious in the explanation.
It's a lot more explicit now.
Later it says "The Access-Control-Origin header is set, obviously". I
don't think there's anything obvious about it. :-)
In the section that defines "cross-site access requests" this is made
quite clear (end of 5.1). Is that not sufficient?
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
