[mod_python] dot dot in the url

Roger Binns rogerb at rogerbinns.com
Sat May 12 02:35:14 EDT 2007


Graham Dumpleton wrote:
> You appear to be
> wanting to side step the RFC and ignore what the standard says and
> have it interpreted your way which just seems wrong.

The standard significantly predates things like REST and comes from the
days when web servers pretty much served up content from a filesystem
with a cgi directory stuck on the side for dynamic things.

In my case, yes I do want the URLs left untranslated when the
prefix indicates my REST service.

> Note how it says that are removed as part of the resolution process.

On Monday I'll investigate if I can prevent this happening by using a
PythonTransHandler or possibly the header handler if they get called
before the URI is munged.

> You just seem to be going about this the wrong way. Why do you expect
> a URI that resolves to be outside of the base URI for your handler to
> still result in your handler being called? 

It doesn't map outside.  The URI is /api/v1/widget/ followed by a name
but I need to find a way to tell Apache that the name portion really is
just a string literal and any ../ sequences are not attempts at relative
paths.

> If it is important that it
> isn't, you should be generating URIs that map to outside of your base
> URI in the first place.

Technically I am not generating them.  The user of my system causes them
to occur if they ever put ../ into the names of items.  They choose the
names.  I am not a fan of humans having to adapt to the idiosyncrasies
of computers.  It should be the other way round.

Roger


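Added example, not part of the original message or of mod_python: the RFC 3986 section 5.2.4 dot-segment removal discussed in this thread, applied to user-chosen names placed after /api/v1/widget/. The helper names and sample names are constructed for illustration, and percent-encoding the name is an assumption of this example, not something proposed in the thread.

```python
from urllib.parse import quote

PREFIX = "/api/v1/widget/"  # base URI of the REST handler, as given in the thread


def remove_dot_segments(path: str) -> str:
    """Dot-segment removal as specified in RFC 3986 section 5.2.4."""
    out = []
    while path:
        if path.startswith("../"):
            path = path[3:]
        elif path.startswith("./") or path.startswith("/./"):
            path = path[2:]
        elif path == "/.":
            path = "/"
        elif path.startswith("/../") or path == "/..":
            path = "/" + path[4:]          # drop the ".." segment
            if out:
                out.pop()                  # and the segment before it
        elif path in (".", ".."):
            path = ""
        else:
            # Move the first segment (with its leading "/") to the output.
            end = path.find("/", 1)
            end = len(path) if end == -1 else end
            out.append(path[:end])
            path = path[end:]
    return "".join(out)


def widget_uri(name: str, encode: bool) -> str:
    """Build the request path for a widget name (hypothetical helper)."""
    return PREFIX + (quote(name, safe="") if encode else name)


def resolves_under_prefix(uri: str) -> bool:
    """True if the path still belongs to the handler after normalization."""
    return remove_dot_segments(uri).startswith(PREFIX)


if __name__ == "__main__":
    # Constructed sample names a user might choose.
    for name in ["gear", "../secret", "a/../b", ".."]:
        for encode in (False, True):
            uri = widget_uri(name, encode)
            print(f"{name!r:12} encode={encode!s:5} {uri:32} -> "
                  f"{remove_dot_segments(uri)}")
```

A name that is exactly ".." is unchanged by percent-encoding, because dots are unreserved characters, so it still collapses the path; a service accepting arbitrary names has to handle that case separately.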
