
tainted uris in document and HTTP redirection

From: Karl Dubost <karld@opera.com>
Date: Tue, 22 Nov 2011 09:27:10 -0500
Message-Id: <47F8A0C3-C3C4-4D7D-AF79-B1F892E9426D@opera.com>
To: "<public-tracking@w3.org> (public-tracking@w3.org)" <public-tracking@w3.org>
FYI, another example of tainted URIs.
Just to have data on what is happening
with regard to what exists on the Web.


I need to reply to Bjoern on the thread.
http://lists.w3.org/Archives/Public/public-tracking/2011Nov/thread.html#msg219


Here is a hotel site: when requesting the URI, we receive a document creating a redirection at the document level, NOT HTTP.


% curl http://www.nynyhotel.com/

HTTP/1.1 200 OK
Date: Tue, 22 Nov 2011 14:18:26 GMT
Server: Apache
Last-Modified: Tue, 13 Sep 2011 08:28:11 GMT
Accept-Ranges: bytes
Content-Length: 238
Content-Type: text/html

<html>
    <head>
    <meta http-equiv="refresh" content="0;url=http://clk.atdmt.com/MGM/go/kwbngmgm0010016098mgm/direct/01/?kbid=34362&m=619"> 
<title>New York New York Hotel & Casino</title>
</head>
<body bgcolor="#000000">
</body>
</html>


It creates a redirection without triggering a user choice. If we try to fetch this URI, we are redirected to a third site. This time at the HTTP level only. Go figure.


%curl -sI "http://clk.atdmt.com/MGM/go/kwbngmgm0010016098mgm/direct/01/?kbid=34362&m=619"

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.newyorknewyork.com/?kbid=34362&m=619
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: AA002=1321971546-11884351; expires=Thursday, 21-Nov-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: MUID=3C92DA3819576A5B2457D88A1A576AF2; expires=Thursday, 21-Nov-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach00=667e/7a7; expires=Thursday, 21-Nov-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=96c57/7a7/210c478/667e/4ecbaf5a; expires=Thursday, 21-Nov-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Tue, 22 Nov 2011 14:19:06 GMT
Connection: close


Let's try to fetch that. This time we receive the content.

% curl -sI "http://www.newyorknewyork.com/?kbid=34362&m=619"

HTTP/1.1 200 OK
Date: Tue, 22 Nov 2011 14:22:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: application/xhtml+xml; charset=utf-8
Content-Length: 25892
Via: 1.1 PRDMZSLBPri (Juniper Networks Application Acceleration Platform - DX 5.3.9 0)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />





Note: A user agent could, when the user has activated DNT:1, cancel automatic redirection and ask the user to confirm the redirection with a modal dialog. It would be a horrible UX for people. And people would not necessarily know what it means in natural language, or whether the redirection is to a tracker or not.




-- 
Karl Dubost - http://dev.opera.com/
Developer Relations & Tools, Opera Software
Received on Tuesday, 22 November 2011 14:27:49 UTC
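A small tracer for the kind of chain shown in this message, added here as an example and not part of the original post: it follows both document-level meta refresh and HTTP Location redirects and records, per hop, the host visited, how it redirected, and which cookie domains it set, so an intermediate tracker hop stands out. The `fetch` callable and the RESPONSES table are assumptions standing in for live requests (headers are a dict with Set-Cookie as a list; bodies and cookie values are constructed samples).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Constructed stand-in for the three hops in the message: url -> (status, headers, body); sample values.
RESPONSES = {
    "http://www.nynyhotel.com/": (200, {},
        '<html><head><meta http-equiv="refresh" content="0;url=http://clk.atdmt.com/go?kbid=1"></head></html>'),
    "http://clk.atdmt.com/go?kbid=1": (302,
        {"Location": "http://www.newyorknewyork.com/?kbid=1",
         "Set-Cookie": ["AA002=sample; path=/; domain=.atdmt.com", "MUID=sample; domain=.atdmt.com"]}, ""),
    "http://www.newyorknewyork.com/?kbid=1": (200, {}, "<html><body>hotel page</body></html>"),
}

class _MetaRefresh(HTMLParser):  # finds the target of <meta http-equiv="refresh" content="N;url=...">
    def __init__(self):
        super().__init__()
        self.url = None
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"]+)", a.get("content", ""), re.I)
            if m:
                self.url = m.group(1).strip()

def _cookie_domains(set_cookies, default_host):
    # Domain each Set-Cookie targets; host-only cookies default to the response host.
    found = (re.search(r";\s*domain=([^;]+)", c, re.I) for c in set_cookies)
    return sorted({m.group(1).strip().lstrip(".") if m else default_host for m in found})

def _next_hop(url, status, headers, body):
    """Return (mechanism, absolute next URL), or (None, None) for a final document."""
    if status in (301, 302, 303, 307, 308) and "Location" in headers:
        return "http", urljoin(url, headers["Location"])
    p = _MetaRefresh()
    p.feed(body)
    return ("meta-refresh", urljoin(url, p.url)) if p.url else (None, None)

def trace_chain(fetch, url, max_hops=10):
    """Follow HTTP and meta-refresh redirects; one dict per hop, ending at the final page."""
    hops = []
    for _ in range(max_hops):
        status, headers, body = fetch(url)
        host = urlparse(url).hostname
        via, nxt = _next_hop(url, status, headers, body)
        hops.append({"url": url, "host": host, "status": status, "via": via,
                     "cookies": _cookie_domains(headers.get("Set-Cookie", []), host)})
        if nxt is None:
            return hops
        url = nxt
    raise RuntimeError("redirect loop or chain longer than max_hops")
```

Run it with `trace_chain(lambda u: RESPONSES[u], "http://www.nynyhotel.com/")`; the middle hop is the only one with a `via` of "http" and a non-empty cookie list, which is the tracker signature this message describes.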
