Behavior of index.html and access control
RubenVerborgh opened this issue · 1 comments
Servers such as NSS will provide access to ./index.html
when ./
is requested.
I wonder if this behavior has consequences for access control, and if so, how.
Slightly related: solid/specification#198
I wonder as well, beyond this:
When an authorized GET request to /
is given a 200 response with Content-Location: ./index.html
, then we know ./index.html
is a representation of ./
. They have the same access privileges. OPTIONS would be a 204. For the other request methods, the Protocol includes:
When a PUT, POST, PATCH or DELETE method request targets a representation URL that is different than the resource URL, the server MUST respond with a 307 or 308 status code and Location header specifying the preferred URI reference.