- From: Guilherme Hermeto <gui.hermeto@gmail.com>
- Date: Fri, 4 Aug 2017 07:58:44 -0700
- To: "Walter H." <walter.h@mathemainzel.info>
- Cc: ietf-http-wg@w3.org
- Message-ID: <CALf91EXois=vyKQyBwhSfzks=SnEnb3ybRKk0JxWkNQG0gHfwg@mail.gmail.com>
On Fri, Aug 4, 2017 at 12:54 AM, Walter H. <walter.h@mathemainzel.info> wrote: > On Fri, August 4, 2017 08:53, Guilherme Hermeto wrote: > > > > I get it, but as far as I can see, the same applies to Geolocation API > > too. > No, because it requires something you can disable - e.g. with NoScript ... > > Wait, the first thing you said was that an admin could block the headers... is it off the table now? Same as NoScript there is a plugin called ModifyHeaders for both chrome and FF. > > The user agent asks permission and it is stored for that particular > domain > > (like a cookie), so other servers wouldn't get it. > this may be a mistake ..., as the control a user has over his system, this > "ask for permission" might be globally ... > > when its using the Geolocation API, you have the chance e.g. with NoScript > to prevent a server from getting this ... > Same with headers... you can block headers... > > > Can you elaborate on "server MUST NOT get any knowledge to let him > > decide what to send to the client"? > > Because servers acquire such knowledge all the > > time, doing authentication, authorization... but I'm assuming that isn't > > what you meant. > > No, I mean e.g. that a server MUST NOT interpret the User-Agent Header > field ...; > e.g. when it is the Google Crawler it sends the content, und when I search > in google and get this page, and click there will get a 404 or 403, > because it is not the Google Crawler ... > > or other example: there is an application you want to download, and the > webpage gives you only the download for the Linux port, not the Windows > port, because your User-Agent says Linux ... > > Understood it now, but that is not the case here. Localized services is not something new... If I am using a riding-hailing app in San Francisco why should I care about which driver is currently available in London? > > All said, what really concerns me is that even though there is the > > Geolocation API to recommend how user agents should acquire and treat > such > > information > > I don't know any API that does make thoughts about what sense and if there > is a legit use case ... > You misunderstood me. Geolocation API IS the recommendation on how user user agents should acquire geolocation information: https://www.w3.org/TR/geolocation-API/ > > > Should we work towards that? > > No, > first think of legit use and then think if you really want to put all > clients into the same group even when you know, that it is wrong ... > > I bet by the answer of the following question ... > > "From WHERE/HOW does a NON MOBILE know its location?" > > it doesn't make any sense to have any geo location - neither API nor > header field - for user agents on non mobile devices ... > > > Just because the server asks for the information doesn't mean the client must comply. Have you read Luis proposal? It says the client "may" include. Not even "should". Geolocation API exists and will continue to exist. One way or another that information will be sent to the servers and there is no standard on how that information should be sent to the server through HTTP. You might not be happy with the fact that the server initiate the process though Geolocation-Request header, but it does not invalidate the need for a standard when the data is acquired by the client (as it is today) and should be sent to the server.
Received on Friday, 4 August 2017 14:59:40 UTC