Behavior of index.html and access control

Question

Behavior of index.html and access control

RubenVerborgh opened this issue 4 years ago · 1 comments

RubenVerborgh commented 4 years ago

Servers such as NSS will provide access to ./index.html when ./ is requested.

I wonder if this behavior has consequences for access control, and if so, how.

Slightly related: solid/specification#198

Answer 1 · 2021-01-29T21:37:01.000Z

I wonder as well, beyond this:

When an authorized GET request to / is given a 200 response with Content-Location: ./index.html, then we know ./index.html is a representation of ./. They have the same access privileges. OPTIONS would be a 204. For the other request methods, the Protocol includes:

When a PUT, POST, PATCH or DELETE method request targets a representation URL that is different than the resource URL, the server MUST respond with a 307 or 308 status code and Location header specifying the preferred URI reference.