RE: Navigation Error Logging spec update

At some point we discussed how the UA should behave if it is a private browsing session. It should likely not log anything. Does that need to be alluded to in 5 Privacy and Security?

Looking at enableNavigationErrorReporting. This looks like it could spiral out of control if both the content origin and the logging origin is host on the same architecture. For example:

A request to http://example.com results in a HTTP 500 because of a bug on the origin when it is under too much load (DDOS, internal capacity issue, etc). The UA formats a NavigationErrorEntry and prepares to send it to http://example.com/logging. That in turn results in a 500 error, and increases the load on the origin.

Should there be some back off logic? If a logging fetch fails, don't try again for n*2 seconds, doubling as it continues to fail. If a logging fetch fails, does it retry? That is getting into the beacon logic, but it seems like if we are going to allow some global set of UA's to automatically send logging fetches during errors, then we need some idea to limit how much further impact they could cause, or it is DDOS waiting to happen.

Aaron


From: Arvind Jain [mailto:arvind@google.com]
Sent: Sunday, December 8, 2013 11:32 AM
To: public-web-perf
Subject: Re: Navigation Error Logging spec update

Checking in.

Do folks have any comments on the draft?

Arvind

On Fri, Nov 29, 2013 at 6:25 PM, Arvind Jain <arvind@google.com<mailto:arvind@google.com>> wrote:
I added two methods to the interface to allow reporting of errors in real time to a report url as per ACTION-117 - Add method to allow ability to send to a third party url.

https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/NavigationErrorLogging/Overview.html

Please review and let me know if you have any concerns.

Arvind