- From: Francois Daoust <fd@w3.org>
- Date: Tue, 18 Mar 2008 11:33:24 +0100
- To: Martin Jones <martinj@volantis.com>
- CC: public-bpwg-ct@w3.org

Thanks, Martin, I'll add this to today's agenda.

Martin Jones wrote:
> Proposed text: Irrespective of the presence of the no-transform
> directive, the proxy must behave transparently (q.v.) unless it is able
> to determine positively that the user agent is a browser. The
> mechanism by which the proxy recognizes the user agent as a browser
> should use evidence from the HTTP request, in particular the user-agent
> and accept headers.

I made a simple test this morning:

1. I created a "test.html" web page. It only contains a few lines of Javascript code to send an HTTP GET request to "xhrtest.html" using an XmlHttpRequest object:
   http://www.w3.org/2008/03/xhr-ua-test/test.html

2. I requested "test.html" from Firefox, and watched the HTTP headers being exchanged.

The result is that (apart from the Referer header that is present in the XHR request but that cannot be used to say that the request is not from the browser itself), the headers in the request to "test.html" are exactly the same as the ones to "xhrtest.html".

In short, there's absolutely no way to tell the difference between an HTTP request that is sent by the browser and one that is sent by an XHR object, for which we would like the CT-proxy to behave transparently.

Am I missing something? What should we say?

Below is the trace of the HTTP headers for both requests:

----------------------------------------------------------
http://www.w3.org/2008/03/xhr-ua-test/test.html

GET /2008/03/xhr-ua-test/test.html HTTP/1.1
Host: www.w3.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: cookieb2evosession=16753213_7K8PV32mWeR6BrLMHqhMbdiFCx7WJtzV
Authorization: Basic ZmQ6QmFja3RvMUE=
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.x 200 OK
Date: Tue, 18 Mar 2008 10:25:21 GMT
Server: Apache/2
Last-Modified: Tue, 18 Mar 2008 10:23:14 GMT
Etag: "629-448b38628a880"
Accept-Ranges: bytes
Content-Length: 1577
Cache-Control: max-age=21600
Expires: Tue, 18 Mar 2008 16:25:21 GMT
P3P: policyref="http://www.w3.org/2001/05/P3P/p3p.xml"
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
----------------------------------------------------------
http://www.w3.org/2008/03/xhr-ua-test/xhrtest.html

GET /2008/03/xhr-ua-test/xhrtest.html HTTP/1.1
Host: www.w3.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.w3.org/2008/03/xhr-ua-test/test.html
Cookie: cookieb2evosession=16753213_7K8PV32mWeR6BrLMHqhMbdiFCx7WJtzV
Authorization: Basic ZmQ6QmFja3RvMUE=
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.x 200 OK
Date: Tue, 18 Mar 2008 10:25:21 GMT
Server: Apache/2
Last-Modified: Tue, 18 Mar 2008 10:23:14 GMT
Etag: "1e0-448b38628a880"
Accept-Ranges: bytes
Content-Length: 480
Cache-Control: max-age=21600
Expires: Tue, 18 Mar 2008 16:25:21 GMT
P3P: policyref="http://www.w3.org/2001/05/P3P/p3p.xml"
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
----------------------------------------------------------

François.

Received on Tuesday, 18 March 2008 10:33:59 UTC
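
The header comparison described in the message, as an added example that is not part of the original e-mail: it parses two raw requests and reports every header whose presence or value differs. The request text is copied from the trace with Cookie, Authorization, Pragma and Cache-Control left out (they are identical in both captures); the names `parse_headers` and `header_diff` are assumptions of this example.

```python
# Added example. Request headers copied from the trace in the message
# (Cookie, Authorization, Pragma and Cache-Control left out; identical in both).
PAGE_REQUEST = """\
GET /2008/03/xhr-ua-test/test.html HTTP/1.1
Host: www.w3.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
"""

XHR_REQUEST = """\
GET /2008/03/xhr-ua-test/xhrtest.html HTTP/1.1
Host: www.w3.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.w3.org/2008/03/xhr-ua-test/test.html
"""


def parse_headers(raw):
    """Return {lowercased-name: [values]} for one raw HTTP request."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the request line
        if not line.strip():
            break                          # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:                            # ignore lines without a colon
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def header_diff(raw_a, raw_b, ignore=()):
    """Headers whose presence or value differs between the two requests."""
    a, b = parse_headers(raw_a), parse_headers(raw_b)
    return {name: (a.get(name), b.get(name))
            for name in sorted(set(a) | set(b))
            if name not in ignore and a.get(name) != b.get(name)}
```

Passing `ignore=("referer",)` models the message's point that Referer cannot be used as evidence; with it excluded, the two captures have no differing header left.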