httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Gruno <rum...@cord.dk>
Subject Re: DNT & IE10 (was svn commit: r1371878 - /httpd/httpd/trunk/docs/conf/httpd.conf.in)
Date Thu, 13 Sep 2012 14:25:30 GMT
On 09/13/2012 03:27 PM, Jeff Trawick wrote:
> On Thu, Sep 13, 2012 at 7:48 AM, Eric Covener <covener@gmail.com> wrote:
>> On Sat, Aug 11, 2012 at 3:51 AM,  <fielding@apache.org> wrote:
>>> Author: fielding
>>> Date: Sat Aug 11 07:51:52 2012
>>> New Revision: 1371878
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1371878&view=rev
>>> Log:
>>> Apache does not tolerate deliberate abuse of open standards
>>
>> I've come around on this one over time.  While I appreciate the
>> message/intent, I don't think this is reasonable for the default
>> configuration because it errs on the side of ditching a privacy header
>> and information loss for a (sensitive) header that we're not yet
>> interpreting.  IMO it's enough even without this specific DNT text:
>>
>> "An HTTP intermediary must not add, delete, or modify the DNT header
>> field in requests forwarded through that intermediary unless that
>> intermediary has been specifically installed or configured to do so by
>> the user making the requests. For example, an Internet Service
>> Provider must not inject DNT: 1 on behalf of all of their users who
>> have not selected a choice."
>>
>> I'd like to revert it, but this is not yet a veto.  I'd like to hear
>> what others think and would appreciate an ACK from Roy/Greg/Jim who
>> voted for the backport to avoid any churn.
> 
> I agree that it should be reverted.  I don't think it is technically
> justifiable for the default conf to remove it for IE 10.  I don't
> think any particular web server deployment that has the general
> intention of respecting DNT should unset it for IE 10.
> 
> If the will exists within the group, an open letter to Microsoft could
> be posted on httpd.apache.org regarding IE 10 flouting the user choice
> intent of the DNT specification.
> 
I to agree that it should be reverted, if nothing else, then at least
for the time being, till this has been thoroughly discussed.

Technically speaking, as httpd may be used as an intermediary (more
specifially, a proxy/reverse proxy), it is difficult to justify forcing
backends to take into account that we are altering the DNT, as Eric
pointed out in the RFC quote. As I understand it, the patch would apply
to both httpd itself and any backend that it proxies to, who may or may
not be of the same opinion about whether the DNT standard has been
broken by IE. Furthermore, as we ourselves do not support or use this
DNT header ourselves, there is the question of what the patch actually
achieves for httpd.

What Microsoft has done is, to say the least, disappointing from a
technical aspect, as it muddies the waters, and I think Jeff's thoughts
about an open letter would be a very good idea, but it is hard for me to
technically justify editing the DNT header from within httpd, thus also
denying DNT for those who explicitly want it on. The error, as I see it,
lies with Microsoft, and in the end, it should be Microsoft that fixes
it, not httpd that has to make a workaround.

With regards,
Daniel.

Mime
View raw message