- From: James M Snell <jasnell@gmail.com>
- Date: Mon, 11 Jun 2012 08:54:24 -0700
- To: Tim Bray <tbray@textuality.com>
- Cc: Mark Nottingham <mnot@mnot.net>, Karl Dubost <karld@opera.com>, ietf-http-wg@w3.org
I can definitely live with that.. anything that increases the visibility of censorship is not a bad thing. Looks like status code 427 is open currently. - James On Mon, Jun 11, 2012 at 8:39 AM, Tim Bray <tbray@textuality.com> wrote: > Well, the practical argument is programmer behavior, in the way that client > devs handle the codes. I regularly see code along the lines of: > > else if (status == 401) > // do authent stuff > else if (status == 403) > // apologize and explain > else if (status/100 == 5) > // apologize for server misbehavior without many details (which would > probably not be helpful to end-user anyhow) > > So we want a result like 403, not 5XX. So 403 would not be flatly > incorrect, but I still think a new 4XX would be desirable. Would it be used? > Well, in most web frameworks, you can already provide any old integer > status code, so I don’t think any infrastructure development would be > required. I suspect the browser people would be happy to provide a > boilerplate message if the status code became official. > > And finally, I am sure that some websites under government pressure would be > happy to lie and deny censorship exists, but I am quite certain that lots of > others would welcome the chance to make clear the responsibility for the > blockage. I would welcome being so informed in those situations. > > So where’s the downside? > > -T > > > > On Mon, Jun 11, 2012 at 8:27 AM, James M Snell <jasnell@gmail.com> wrote: >> On Mon, Jun 11, 2012 at 4:09 AM, Mark Nottingham <mnot@mnot.net> wrote: >>>[snip] >>>> Censorship happens sometimes in other states through decision of laws >>>> and/or regulations. For example, a network in a corporate environment >>>> blocking certain sites through proxy (such as social networks). A library >>>> blocking some sites through proxy to other users. In these cases, the >>>> organization in charge of it might want to advertise it for reasons which >>>> seem perfectly legible to them. >>> >>> Yes. However, as discussed, current status codes can be used for this, >>> and the HTML will explain what's going on. The one remaining motivation that >>> I can see would be a similar situation that got us 511; non-browser devices >>> that get confused by what's going on. However, since this isn't a redirect, >>> but just a refusal, it's less of an issue, practically. >>> >> >> True, however, with 511, there is a distinct practical action that the >> user-agent can take in response to the specific code... namely, >> authenticating with the network prior to retrying the request. There >> is no such clear response action with this. >> >> Further, one additional consideration is the case where a particular >> request is blocked through similar policy-driven action. A 4xx >> response would be perfectly reasonable in such cases. My initial >> inclination was to use a new 5xx code but the more I go through the >> cases, the more I think 403 is just fine. >> >> - James >> >>> Cheers, >>> >>> >>> >>> -- >>> Mark Nottingham http://www.mnot.net/ >>> >>> >>> >
Received on Monday, 11 June 2012 15:55:19 UTC