httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject DNT & IE10 (was svn commit: r1371878 - /httpd/httpd/trunk/docs/conf/httpd.conf.in)
Date Thu, 13 Sep 2012 11:48:15 GMT
On Sat, Aug 11, 2012 at 3:51 AM,  <fielding@apache.org> wrote:
> Author: fielding
> Date: Sat Aug 11 07:51:52 2012
> New Revision: 1371878
>
> URL: http://svn.apache.org/viewvc?rev=1371878&view=rev
> Log:
> Apache does not tolerate deliberate abuse of open standards

I've come around on this one over time.  While I appreciate the
message/intent, I don't think this is reasonable for the default
configuration because it errs on the side of ditching a privacy header
and information loss for a (sensitive) header that we're not yet
interpreting.  IMO it's enough even without this specific DNT text:

"An HTTP intermediary must not add, delete, or modify the DNT header
field in requests forwarded through that intermediary unless that
intermediary has been specifically installed or configured to do so by
the user making the requests. For example, an Internet Service
Provider must not inject DNT: 1 on behalf of all of their users who
have not selected a choice."

I'd like to revert it, but this is not yet a veto.  I'd like to hear
what others think and would appreciate an ACK from Roy/Greg/Jim who
voted for the backport to avoid any churn.

Mime
View raw message