41 lines
1.1 KiB
Plaintext
41 lines
1.1 KiB
Plaintext
note
|
|
|
|
description: "[
|
|
Policy to decide if OPTIONS * is honoured.
|
|
Servers that wish to forbid OPTIONS * requests
|
|
can redefine `is_system_options_forbidden'.
|
|
|
|
Response 403 Forbidden is meant to be accompanied
|
|
by an entity body describing the reason for the refusal.
|
|
Since authentication cannot be used for OPTIONS *, there
|
|
are limited grounds for selective refusal (the IP address might
|
|
be used though), so we provide a convenient default for
|
|
`system_options_forbidden_text'.
|
|
]"
|
|
|
|
date: "$Date$"
|
|
revision: "$Revision$"
|
|
|
|
class WSF_SYSTEM_OPTIONS_ACCESS_POLICY
|
|
|
|
feature -- Access
|
|
|
|
is_system_options_forbidden (req: WSF_REQUEST): BOOLEAN
|
|
-- Should we return 403 Forbidden in response to OPTIONS * requests?
|
|
require
|
|
req_attached: req /= Void
|
|
do
|
|
-- by default, unconditionally no.
|
|
end
|
|
|
|
system_options_forbidden_text (req: WSF_REQUEST): detachable READABLE_STRING_8
|
|
-- Content of 403 Forbidden response;
|
|
-- Returning `Void' means instead respond with 403 Not found
|
|
require
|
|
req_attached: req /= Void
|
|
do
|
|
Result := "OPTIONS * is not permitted"
|
|
end
|
|
|
|
end
|