W3C home > Mailing lists > Public > www-talk@w3.org > January to February 2009

Re: Origin vs Authority; use of HTTPS (draft-nottingham-site-meta-01)

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 12 Feb 2009 01:25:45 +0000 (UTC)
To: Breno de Medeiros <breno@google.com>
Cc: Adam Barth <w3c@adambarth.com>, Eran Hammer-Lahav <eran@hueniverse.com>, "www-talk@w3.org" <www-talk@w3.org>
Message-ID: <Pine.LNX.4.62.0902120123320.952@hixie.dreamhostps.com>

On Wed, 11 Feb 2009, Breno de Medeiros wrote:
> On Wed, Feb 11, 2009 at 5:00 PM, Ian Hickson <ian@hixie.ch> wrote:
> > On Wed, 11 Feb 2009, Breno de Medeiros wrote:
> > > >
> > > > > 2. This technique may prevent legitimate uses of the spec by 
> > > > > developers who do not have the ability to set the appropriate 
> > > > > header.
> > > >
> > > > Many developers can control Content-Type headers using .htaccess 
> > > > files (and their ilk).
> > >
> > > And many others cannot. This is particularly irksome in outsourcing 
> > > situations where you have only partial control of the hosting 
> > > environment or depend on non-technical users to perform 
> > > administrative tasks.
> >
> > Note that if the spec says that UAs are to ignore the Content-Type 
> > header, this is a violation of the HTTP and MIME specifications. If 
> > this is intentional, then the HTTP or MIME specs should be changed.
> 
> The spec is letting applications decide what to do. It is not mandating 
> anything.

Well then what Adam is suggesting isn't controversial, and in fact it's 
already required (by HTTP/MIME). So adding a note to the site-meta spec 
reminding implementors of this doesn't seem like a bad idea.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 12 February 2009 01:26:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:30 GMT