W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2015

Re: Browser display of 403 responses bodies on CONNECT - a proposal

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 8 Sep 2015 14:02:36 +1200
To: ietf-http-wg@w3.org
Message-ID: <55EE41BC.8030903@treenet.co.nz>
On 8/09/2015 11:18 a.m., Adrien de Croy wrote:
> 
> This issue keeps cropping up in support.
> 
> I understand what the browser vendors stated position is, although I
> believe with a little more imagination and effort there would be a way
> to display the proxy block page in a way that didn't confuse users.  But
> putting that argument aside, there is another safe (IMO) option for
> dealing with proxies blocking CONNECT requests.
> 
> Use (e.g. don't ignore) the response status code.
> 
> It's one thing to ignore the response message body on a 403 because it
> may have come from an active network attacker.
> 
> It's another thing to ignore the status code (the 403 itself).  That's a
> text-book example of throwing babies with bath water.

Even supporting a 511 would be good.

Amos
Received on Tuesday, 8 September 2015 02:03:38 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:46 UTC