[jsr-314-open] [C036-ElInResources] ACTION: Vote: Resource.getInputStream() underspecified
Andy Schwartz
andy.schwartz at oracle.com
Mon Sep 28 15:49:17 EDT 2009
Ed Burns wrote:
>>>>>> On Fri, 25 Sep 2009 08:55:11 +0200, Werner Punz <werner.punz at gmail.com> said:
>>>>>>
>
> WP> Anyway I think this discussion gets a little bit off topic ;-), wasnt it
> WP> about how to apply the el to javascripts originally?
>
> Thank you. Please take the valuable discussion of caching and resources
> to a separate thread.
>
>
As Jim's email described, the caching behavior is intimately related to
the question of how to handle EL evaluation in resources. I don't think
that these two discussions really are separate matters.
I agree with the concerns that Jim raised. If we allow arbitrary EL
expressions in resources, then we cannot safely set cache headers. I
think it is very important that JSF provides the ability to
automatically set cache headers - I do not think we should require users
to set up a separate filter for this purpose. (Though if like Lincoln
users prefer to own this responsibility, I am fine with providing some
way to disable this.)
So, I suppose I prefer RestrictAllowableExpressions, since I feel that
allowing arbitrary expressions (DefaultToOptOut) means that we either
need to:
1. Stop setting cache headers. Or...
2. Accept the likelihood that users are going to hose themselves in
non-obvious ways. Or...
3. Design a solution that allows a unique URL to be produced for each
unique EL context.
I am not happy with either #1 or #2. #3 might be interesting, but seems
like a 2.1 project.
If we do go with DefaultToOptOut then in addition to the above concerns,
I share concerns that others have raised about controlling the opt-in
behavior globally.
BTW, quick question regarding:
> all EL Expressions in all resources are evaluated every time the
> resource is served
Do we check for EL expressions in *all* resources? I assume that we
aren't scanning binary resources (images), right?
Andy
More information about the jsr-314-open-mirror
mailing list