Return 'wac-allowed' HTTP header with GET & HEAD responses #246
Comments
|
Updated issue to use |
dmitrizagidulin
changed the title
Access-Control-*-Methods semantics for pre-flight requestsAllow: header
|
+1 |
dmitrizagidulin
changed the title
Allow: header
|
Updated to use a custom |
|
Updated it to reflect today's design discussion; return both the permissions of the user, and public permissions. |
dmitrizagidulin
changed the title
RubenVerborgh
added a commit
that referenced
this issue
Aug 17, 2017
|
Implemented by #550. |
RubenVerborgh
added a commit
that referenced
this issue
Aug 17, 2017
RubenVerborgh
added a commit
that referenced
this issue
Aug 17, 2017
RubenVerborgh
added a commit
that referenced
this issue
Aug 17, 2017
RubenVerborgh
added a commit
that referenced
this issue
Aug 18, 2017
RubenVerborgh
added a commit
that referenced
this issue
Aug 18, 2017
dmitrizagidulin
pushed a commit
that referenced
this issue
Aug 18, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem/Motivation
There is currently no easy way for solid client code to determine if the current user has read/write/delete etc access to a given resource (short of reading and parsing the ACL chain, which is both discouraged, and not always possible due to ACL limitations on the
.aclfiles themselves). (See solid/#45 - No way to find out if user is authorized to write to a container for context.)Proposed Solution
An easy solution to this would be to add support to LDNode for the following:
With every response, the server should include an additional
WAC-Allowe:header in the HTTP response.For example, doing an unauthenticated HEAD request on a public read-only resource, would yield:
Doing an HEAD request (while authenticated) to a resource you have full read/write/control access to:
(Note the
public=""part -- the empty string denotes no access.)The text was updated successfully, but these errors were encountered: