- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 3 Jul 2008 11:20:52 -0700
- To: Justin James <j_james@mindspring.com>
- Cc: "'Daniel Stenberg'" <daniel@haxx.se>, "'HTTP Working Group'" <ietf-http-wg@w3.org>, <public-html@w3.org>
On Jul 3, 2008, at 9:04 AM, Justin James wrote: > The *entire* Web is founded on sloppy programmers, what makes you > think that > this scenario is an exception? If browser vendors didn't create > browsers > that accepted any semi-reasonable slop served out, then the Web > would still > just be TBL and a few scientists who were used to Postscript being > delighted > at how "simple" HTML is (while the public has proven how hard it is > to write > valid HTML) to pass around their academic papers. :) Whoa, talk about revisionist history. There was no significant sloppyness in content types on the web until after IE3 came out with that bug, and the reason they did so had nothing to do with the content on servers. It was just "simpler" for them to use the same algorithm regardless of source (what everyone else calls a security hole). It was only later, when Netscape and other browsers had problems with content that was served at sites that only use MSIE for authoring, that sniffing by other browsers became common on the Web. > But you are right about there being a chicken/egg issue here in my > particular example. I am *positive* that Apache's behavior of throwing > everything out at text/html unless explicitly specified otherwise > with a > MIME mapping or in the headers from a CGI had a lot to do with it, > which > Julian already explained. No, it had nothing to do with it. Apache sends text/plain by default because that is the desired config for files with no type extensions on Unix filesystems. It comes from NCSA httpd history and is very hard to deprecate without breaking valid content that has been correctly configured. In any case, it has only had a negative effect on new file formats, not defined ones like HTML, and has no effect whatsoever on scripts. I've never seen a script forget to set its own content-type. > I don't think the proposal is a good one either, for the record. I > also > don't think it is a bad one. It doesn't break anything, and it > extends the > protocol in a way that does not cause any problems to existing > stuff, and it > will only be used by a small fraction of people. On the contrary, if MSIE uses it to detect authoritative content, then Apache will probably be changed to always send that parameter when browser UA is MSIE. Apache works around stupid browser bugs and security holes in browsers, whether they like it or not. ....Roy
Received on Thursday, 3 July 2008 18:21:31 UTC