RE: Geolocation header

Could you simplify the path aspects of this to perhaps address some of the privacy concerns?

I'm thinking, coin a new .well-known address for geolocation and restrict UAs to only send request header there. This makes it harfer to proliferate the header unintentionally. This is still subject to origin level agreement and server asking for information.

Lucas
________________________________________
From: Luis Barguñó Jané [luisbargu@gmail.com]
Sent: 08 August 2017 21:41
To: Walter H.
Cc: ietf-http-wg@w3.org
Subject: Re: Geolocation header

after the 3rd question you will allow it for the whole site, believe me ...
otherways the non existence of a serious use case is just proven ...

The permission is per-origin, so no need for a 3rd question. The permission is the same as the JS API.

and the optimization you are talking about doesn't really make any sense, when you are talking serious about the
problems you're raising ...


I'm still not sure I understand the tone of your replies, instead of a constructive attitude. Regardless of the content we are discussing, I never said what you mention "doesn't make any sense", even if I don't agree. Because that goes beyond respect.

I still think two roundtrips to one roundtrip makes sense, and probably others who care about the internet agree.

And back to the concern you have. See sentence in the document I sent:
"Consider: The Geolocation header MUST only be sent when the request is for a page loaded in a top level frame."

If we decide to include this, the scenario you are describing is just gone?


-----------------------------
http://www.bbc.co.uk
This e-mail (and any attachments) is confidential and
may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in
error, please delete it from your system.
Do not use, copy or disclose the
information in any way nor act in reliance on it and notify the sender
immediately.
Please note that the BBC monitors e-mails
sent or received.
Further communication will signify your consent to
this.
-----------------------------

Received on Wednesday, 9 August 2017 01:13:05 UTC