Re: [CTG] Alteration of header fields (4.1.5) / inconsistencies from Francois Daoust on 2008-12-01 (public-bpwg-ct@w3.org from December 2008)

From: Francois Daoust <fd@w3.org>
Date: Mon, 01 Dec 2008 14:42:41 +0100
To: casays@yahoo.com
CC: public-bpwg-ct@w3.org
Message-ID: <4933E9D1.3090704@w3.org>

Eduardo Casais wrote:
>> - any other header that could be changed by a "regular" 
>> proxy?
> 
> In the context of requests, at least the following header fields might undergo modifications: Content-Length, Content-Encoding, and Warning. 
> 
> Scenario: From RFC2616 14.11, a non-transparent proxy may change the encoding of the body. In a POST request, this implies that the Content-Length and Content-Encoding must be adjusted accordingly, and a Warning header field must be inserted or extended.
> 
> In the context of CT-proxies, it is easy to envision further modifications of the request body that would entail modification of the aforementioned header fields. 
> 
> Which means that the proposed resolution:
> 
>> "Proxies SHOULD NOT change headers other than
>> User-Agent and Accept(-*) headers, and 
>> X-Forwarded-For and Via as noted under 4.1.6
>> Additional HTTP Headers if already present, and MUST
>> NOT delete headers.
> 
> leads to a further inconsistency, as per the scenario above...

Good point.

Then maybe we should try to focus on what we're trying to solve with:
  "Proxies SHOULD NOT change headers other than User-Agent and
Accept(-*) headers".

I think most if not all of the problems introduced by CT-proxies on the
request side originate from the modification of the User-Agent and
Accept(-*) headers (and to a lesser extent from the suppression of some
HTTP headers). The statement seems mostly useless in that regard.

I think that what we want to say is:
  * User-Agent and Accept(-*) headers may only be changed in the cases
envisioned by the 3 points of the list
  * HTTP headers must not be deleted
  * it must be possible to reconstruct the original User-Agent and
Accept(-*) headers.
  * as far as the other HTTP headers are concerned, leave it up to the HTTP
RFC2616.

In short, I propose something along the lines of:
"
  Proxies SHOULD NOT modify the User-Agent and Accept(-*) headers unless:
   [list of 3 possibilities, possibly amending the third one]
  Proxies MUST NOT delete headers.
  It MUST be possible to reconstruct the original User-Agent and
Accept(-*) headers (see 4.1.5.5)
"

... and propose to adjust the wording of section 4.1.5.5 consequently
only to refer to User-Agent and Accept(-*) headers (which we have to do
anyway if we are to register the X-Device-* headers in any proper way)

If deemed necessary, we may add another reference to the RFC HTTP.

I'm sure I forgot something important here. What is it? ;-)

Francois.

Received on Monday, 1 December 2008 13:43:21 UTC