Aaron Coburn
Aaron Coburn
Related to the `origin-form` request (e.g., `GET / HTTP/1.1`), the "get-off-my-lawn" [RFC 8820, section 2.3](https://datatracker.ietf.org/doc/html/rfc8820#section-2.3) is relevant. The key point made there is that a specification should not require or...
First, :+1: on removing `OPTIONS *` Second, it is possible to put `OPTIONS` requests into two categories: 1. CORS pre-flight requests. These _never_ include authorization headers 2. Everything else Because...
CORS preflight requests are a vitally important consideration. What I might suggest is this: * servers need to be able to distinguish between CORS preflight `OPTIONS` requests and all other...
> @acoburn (suggested using http://www.trellisldp.org/ns/trellis#effectiveAcl) I would _not_ suggest this. If I have suggested this in the past, I have changed my mind and do not think it solves the...
Whether there exists a link to an "effective ACL" or not, when inheritance is in effect with WAC, any client needs to understand _a lot_ about the overall (global) structure...
> I would not think a client should do anything about discovering an ACL This is true, but only in certain cases. There are also cases where a client will...
@bblfish I will just say that "it's complicated". When writing apps that interact directly with ACLs, I have yet to be convinced that this mechanism will ultimately make things easier....
> Well it will save 2n+1 requests to find them, that I made crystal clear above. There is no doubt about it. Indeed. And now you need to traverse the...
Consider the structure: ``` / container/ * child1/ * grandchild1a grandchild1b grandchild1c * child2/ grandchild2a grandchild2b * grandchild2c child3/ grandchild3a grandchild3b grandchild3c * ``` There is an acl on all...
@bblfish my suggestion: implement this yourself on the code you are writing. Then write some apps. Then decide whether this is a good idea. I have been through that process,...