On 8/09/2015 11:18 a.m., Adrien de Croy wrote: > > This issue keeps cropping up in support. > > I understand what the browser vendors stated position is, although I > believe with a little more imagination and effort there would be a way > to display the proxy block page in a way that didn't confuse users. But > putting that argument aside, there is another safe (IMO) option for > dealing with proxies blocking CONNECT requests. > > Use (e.g. don't ignore) the response status code. > > It's one thing to ignore the response message body on a 403 because it > may have come from an active network attacker. > > It's another thing to ignore the status code (the 403 itself). That's a > text-book example of throwing babies with bath water. Even supporting a 511 would be good. AmosReceived on Tuesday, 8 September 2015 02:03:38 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:46 UTC