Re: Browser display of 403 responses bodies on CONNECT - a proposal from Virgil Griffith on 2015-09-18 (ietf-http-wg@w3.org from July to September 2015)

From: Virgil Griffith <i@virgil.gr>
Date: Fri, 18 Sep 2015 11:49:31 +0000
To: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
Message-ID: <CADop2NE4n6ArK+XqdV_H=8txXWpv9qiBKq1bWe_x9QdxsDG53w@mail.gmail.com>

If we are t going to use 451, I always liked the of repurposing 511 for
this purpose.
On Tue, 8 Sep 2015 at 10:07 Amos Jeffries <squid3@treenet.co.nz> wrote:

> On 8/09/2015 11:18 a.m., Adrien de Croy wrote:
> >
> > This issue keeps cropping up in support.
> >
> > I understand what the browser vendors stated position is, although I
> > believe with a little more imagination and effort there would be a way
> > to display the proxy block page in a way that didn't confuse users.  But
> > putting that argument aside, there is another safe (IMO) option for
> > dealing with proxies blocking CONNECT requests.
> >
> > Use (e.g. don't ignore) the response status code.
> >
> > It's one thing to ignore the response message body on a 403 because it
> > may have come from an active network attacker.
> >
> > It's another thing to ignore the status code (the 403 itself).  That's a
> > text-book example of throwing babies with bath water.
>
> Even supporting a 511 would be good.
>
> Amos
>
>
>

Received on Friday, 18 September 2015 11:50:10 UTC