W3C home > Mailing lists > Public > public-bpwg-ct@w3.org > April 2008

Re: Request bodies alteration and character encoding issue

From: Francois Daoust <fd@w3.org>
Date: Tue, 08 Apr 2008 12:29:54 +0200
Message-ID: <47FB4922.20904@w3.org>
To: Aaron Kemp <kemp@google.com>
CC: public-bpwg-ct <public-bpwg-ct@w3.org>

Thanks Aaron!

Thinking out aloud, trying to summarize and reformulate it from a 
different angle:

In short, the CT-proxy only alters request bodies for requests based on 
responses that were already transformed: if an HTTP response containing 
a form is sent unaltered to the client, the following form submission 
request won't be altered by the CT-proxy.

This could lead to two guidelines to replace current editorial note in 
4.1.2 [1]:

1. the CT-proxy MUST NOT alter the request method and body of a request 
that originates from an untransformed web page. Note it may still change 
the headers though.

2. if the origin web page was transformed, the CT-proxy MUST (actually, 
it's a "must" as in "it's the only it can work anyway") alter the 
request method and body of the request to match that of what the request 
would have been had the origin page not been transformed. In other 
words, the CT-proxy "simply" MUST ensure that its changes are 
transparent from the content provider's point of view.

(both points obviously need some re-wording to make things clear)

... and the list of examples could be examples of "restructuring" and 
"recoding" transformations made by a CT-proxy. It could go in "Types of 
transformation" (§2.2), or we may simply not mention them.

As for the prescriptions that may have to be made about transformation 
of request bodies, they are rather prescriptions about transformation of 
the origin response, IMO. I'm not sure we want to go deep into details 



Aaron Kemp wrote:
> Sorry this is so late, just digging out from vacation.
> On Tue, Mar 18, 2008 at 1:09 PM, Francois Daoust <fd@w3.org> wrote:
>>  Should we rather use an affirmative form such as "Proxies MAY alter request
>> bodies, typically when [above blah]"?
>>  Should we just say nothing?
> I guess I'd vote to either say they MAY or just note that it occurs in practice.
>>  Just to make sure I understand: the form that uses GET is converted to a
>> form that uses POST when the HTTP response that contains the form is sent to
>> the user. The user thus issues a POST request which is then converted back
>> to a GET request by the CT-proxy. In other words, from the origin server's
>> point of view, the form still uses GET. Am I right?
> Exactly.  The origin server doesn't notice because nothing changes.
>>  That's more than "altering request body". It's "altering request method".
>> We may want to add that as well.
> Right.
>>  Note that my second question would be: could you precise "a variety of
>> reasons"? I can think of URI that would become too long, although I remember
>> having had this problem six years ago, so I'm not sure it's still an issue
>> in practice in 2008.
> URIs definitely can become too long (phones are more limited than
> desktop browsers, as are the gateways in between sometimes).  It's
> also to prevent casual snooping, and finally, we use our own URL
> parameters, so we'd have to ensure the user submitted form values
> didn't collide with ours.
> Aaron
Received on Tuesday, 8 April 2008 10:30:54 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:06:29 UTC