Re: [CLOSED] Additional domain restrictions for whitelist
Posted: Tue Dec 29, 2009 9:47 am
It's not possible. ABE just knows about HTTP requests in their early stage, i.e. origin URL, destination URL and HTTP method (GET, POST, PUT, DELETE...).Tom T. wrote: Question: Can it work for objects as well as scripts? Here is what I tried: (USER)
Site java-vm@*.* *java-vm@*.*
Accept from hushmail.com *.hushmail.com
Deny
As you can see, I would like to allow Java applets at Hushmail and nowhere else. I allowed Java in NS > Embeddings as per the above.
It doesn't work. Java applets were still loading from other sites tested (using Java's own test page as the best tester).
ABE would not allow <APPLET> or comma to be entered, even though the objects show as <APPLET>, java-vm@http.//www.somesite.com
Is this syntax wrong, or is this not possible to do?
The content-type (e.g. application/java-vm) is specified in the response, too late for ABE. In fact, the some-type@url/pattern syntax you're using has no meaning to ABE.