You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by "joel reed (JIRA)" <ji...@apache.org> on 2011/02/01 04:32:28 UTC
[jira] Commented: (COUCHDB-867) Add http handlers for root files
with special meanings, such as crossdomain.xml.
[ https://issues.apache.org/jira/browse/COUCHDB-867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12989024#comment-12989024 ]
joel reed commented on COUCHDB-867:
-----------------------------------
I can't think of any security implications - you specify exactly the file to serve up and we serve up just that file.
> Add http handlers for root files with special meanings, such as crossdomain.xml.
> --------------------------------------------------------------------------------
>
> Key: COUCHDB-867
> URL: https://issues.apache.org/jira/browse/COUCHDB-867
> Project: CouchDB
> Issue Type: Improvement
> Components: HTTP Interface
> Affects Versions: 1.0.1
> Reporter: Eric Desgranges
> Attachments: handle_file_req.diff
>
>
> Some files at the root level of a website have a special meaning, such as favicon.ico storing the favorite icon, which is processed correctly in the [httpd_global_handlers] section of the ini file with this instruction:
> favicon.ico = {couch_httpd_misc_handlers, handle_favicon_req, "../share/couchdb/www"}
> But this is the only one handled while other files, which are critical when to accessing the CouchDB server from Flash, Flex, Silverlight..., are missing
> - crossdomain.xml (this one should be a top priority fix!)
> - clientaccesspolicy.xml -- See http://msdn.microsoft.com/en-us/library/cc838250%28v=VS.95%29.aspx#crossdomain_communication
> And there's also 'robots.txt' to prevent search engines from accessing some files / directories.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira