Re: Browser display of 403 responses bodies on CONNECT - a proposal

On 8/09/2015 11:18 a.m., Adrien de Croy wrote:
> This issue keeps cropping up in support.
> I understand what the browser vendors stated position is, although I
> believe with a little more imagination and effort there would be a way
> to display the proxy block page in a way that didn't confuse users.  But
> putting that argument aside, there is another safe (IMO) option for
> dealing with proxies blocking CONNECT requests.
> Use (e.g. don't ignore) the response status code.
> It's one thing to ignore the response message body on a 403 because it
> may have come from an active network attacker.
> It's another thing to ignore the status code (the 403 itself).  That's a
> text-book example of throwing babies with bath water.

Even supporting a 511 would be good.


Received on Tuesday, 8 September 2015 02:03:38 UTC