- From: Ted Hardie <ted.ietf@gmail.com>
- Date: Mon, 29 Feb 2016 12:01:31 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP WG <ietf-http-wg@w3.org>
- Message-ID: <CA+9kkMC1Tce=eohXFSZfrD9cpJHOMOMKtoYqVbvUY3EwbboTqg@mail.gmail.com>
Howdy,

On Sun, Feb 28, 2016 at 5:59 PM, Mark Nottingham <mnot@mnot.net> wrote:

> FYI - would be interested in what people thought, as I know some folks
> have this problem.
>
> Pretty (and slightly updated) version at:
> https://mnot.github.io/I-D/proxy-explanation/

The document says about the HTML content in a 403 "but browsers are unwilling to show this to end users, since doing so would subject them to a potential man-in-the-middle attack."; this same reluctance seems to me likely to apply to the URL in the proposed JSON structure. You note the issue considerations section, but seem to come down on the side of including it anyway. Can you explain more about why? What's the other side of this trade-off look like, in your thinking?

I found it odd that the document talked about forbidding origin servers from generating the media type, rather than returning it in a response. Below you say it MUST NOT be used with 2xx or 3xx responses; it seems like you could also use similar language for origin server/CDN use.

The document says that "Clients MAY selectively support this media type. For example, an implementation might deem it only useful (or safe) in CONNECT requests." Given the other restrictions, I don't see a use case outside of CONNECT, and I would normally say that you shouldn't send an accept header where you're not willing to receive the type; am I missing some of your thinking here?

regards,

Ted

> Begin forwarded message:
>
> > From: internet-drafts@ietf.org
> > Subject: New Version Notification for draft-nottingham-proxy-explanation-00.txt
> > Date: 17 February 2016 at 11:38:12 AM AEDT
> > To: "Mark Nottingham" <mnot@mnot.net>
> >
> > A new version of I-D, draft-nottingham-proxy-explanation-00.txt
> > has been successfully submitted by Mark Nottingham and posted to the
> > IETF repository.
> >
> > Name: draft-nottingham-proxy-explanation
> > Revision: 00
> > Title: The application/proxy-explanation+json media type
> > Document date: 2016-02-17
> > Group: Individual Submission
> > Pages: 7
> > URL: https://www.ietf.org/internet-drafts/draft-nottingham-proxy-explanation-00.txt
> > Status: https://datatracker.ietf.org/doc/draft-nottingham-proxy-explanation/
> > Htmlized: https://tools.ietf.org/html/draft-nottingham-proxy-explanation-00
> >
> > Abstract:
> > This specification defines the application/proxy-explanation+json
> > media type, to allow HTTP proxies to explain to clients why a request
> > is unsuccessful.
> >
> > Note to Readers
> >
> > The issues list for this draft can be found at
> > https://github.com/mnot/I-D/labels/proxy-explanation .
> >
> > The most recent (often, unpublished) draft is at
> > https://mnot.github.io/I-D/proxy-explanation/ .
> >
> > Recent changes are listed at
> > https://github.com/mnot/I-D/commits/gh-pages/proxy-explanation .
> >
> > Please note that it may take a couple of minutes from the time of submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > The IETF Secretariat
>
> --
> Mark Nottingham   https://www.mnot.net/
Received on Monday, 29 February 2016 20:02:18 UTC