cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Stimmel <jon-li...@stimmel.net>
Subject Re: [C2] (hopefully) last sitemap major changes
Date Wed, 05 Jul 2000 18:07:51 GMT
On Fri, Jun 30, 2000 at 07:18:33PM +0200, Stefano Mazzocchi wrote:

> Ok, I spent the whole afternoon on this and I'm pretty happy with the
> results. Please, throw rock at it and let's see how solid this is.

Now *that's* a sitemap =)


> 3) increased redirection capabilities
> 
>  <map:redirect-to uri="..."/>
>  <map:redirect-to resource="..."/>

This has probably already been discussed, but are these done
internally to cocoon, or by actually redirecting the browser?
Imagine the following example (lifted from the draft) using
client-side redirects:
   <map:match pattern="cocoon/dist/*">
    <map:choose type="ip-filter">
     <map:when test="allowsAddress()">
      <map:redirect-to uri="dist/cocoon/{1}"/>
     </map:when>
     <map:otherwise>
      <map:redirect-to resource="Access refused"/>
     </map:otherwise>
    </map:choose>
   </map:match>
If the redirect is done client-side, then we have to insure that we
perform the test a second time when the client returns for the
new location, otherwise one person with access can distribute an
unrestricted URL to the whole world.

On further thought, I guess this is a problem in either case; the
only secure way of doing this (without replicating tests) is
to use the <map:redirect-to resource=""/> form. (It might be good
to give this special mention in the redirect-to documentation; a
novice (or even not-so novice) administrator could easily lull
themself into a false sense of security...)


> 6) added the notion of "views" and pipeline "labels".

Hmmmm... I'm not certain I understand the intent here. It sounds
almost like a mechanism to implicitly apply <map:choose> and
<map:resources> (minus the generator) to pipelines. If this is
accurate, do we necessarily need both views and resources?


> BIG NOTE: I believe this sitemap may result a little "pull" centric,

True, but isn't that somewhat inherent to the HTTP protocol?

Mime
View raw message