Re: Browser display of 403 responses bodies on CONNECT

Le Jeu 18 juin 2015 04:27, Martin Thomson a écrit :

> Now, if you wanted to fix this situation, I might suggest that a
> custom error page might be appropriate.  That page might say that the
> proxy denied the request to connect.  Showing content that the proxy
> provided still seems inadvisable.

Excuse me but that's pretty braindamaged. Just because browser people have
repeated this for years does not mean it is true.

The proxy is not an evil hijacker, the browser *chose* to use the proxy so
it can assume its choices.

If browser authors are "afraid" of "evil" block pages (why are they
connecting to this equipment in the first place?) they can add whatever
chrome they wish around the block pages to show it's a block page (exactly
like they do for all other error messages)

Also the pages browsers replace 403 with are intentionnaly misleading and
disparaging and designed to increase support calls. That's the browser
choice but the http spec is not here to promote and condone such
antisocial behaviour


Nicolas Mailhot

Received on Wednesday, 24 June 2015 08:25:29 UTC