Re: ACTION-679: Propose text for para 2 of 3.1.1

Thanks, Martin, I'll add this to today's agenda.

Martin Jones wrote:
> Proposed text:  Irrespective of the presence of the no-transform 
> directive, the proxy must behave transparently (q.v.) unless it is able 
> to determine positively that the user agent is a browser.   The 
> mechanism by which the proxy recognizes the user agent as a browser 
> should use evidence from the HTTP request, in particular the user-agent 
> and accept headers.

I made a simple test this morning:

1. I created a "test.html" web page. It only contains a few lines of 
Javascript code to send an HTTP GET request to "xhrtest.html" using an 
XmlHttpRequest object:
http://www.w3.org/2008/03/xhr-ua-test/test.html

2. I requested "test.html" from Firefox, and watched the HTTP headers 
being exchanged.

The result is that (apart from the Referer header that is present in the 
XHR request but that cannot be used to say that the request is not from 
the browser itself), the headers in the request to "test.html" are 
exactly the same as the ones to "xhrtest.html".

In short, there's absolutely no way to tell the difference between an 
HTTP request that is sent by the browser and one that is sent by an XHR 
object, for which we would like the CT-proxy to behave transparently.

Am I missing something? What should we say?


Below is the trace of the HTTP headers for both requests:

----------------------------------------------------------
http://www.w3.org/2008/03/xhr-ua-test/test.html

GET /2008/03/xhr-ua-test/test.html HTTP/1.1
Host: www.w3.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) 
Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 

Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: cookieb2evosession=16753213_7K8PV32mWeR6BrLMHqhMbdiFCx7WJtzV
Authorization: Basic ZmQ6QmFja3RvMUE=
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.x 200 OK
Date: Tue, 18 Mar 2008 10:25:21 GMT
Server: Apache/2
Last-Modified: Tue, 18 Mar 2008 10:23:14 GMT
Etag: "629-448b38628a880"
Accept-Ranges: bytes
Content-Length: 1577
Cache-Control: max-age=21600
Expires: Tue, 18 Mar 2008 16:25:21 GMT
P3P: policyref="http://www.w3.org/2001/05/P3P/p3p.xml"
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8


----------------------------------------------------------
http://www.w3.org/2008/03/xhr-ua-test/xhrtest.html

GET /2008/03/xhr-ua-test/xhrtest.html HTTP/1.1
Host: www.w3.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) 
Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 

Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.w3.org/2008/03/xhr-ua-test/test.html
Cookie: cookieb2evosession=16753213_7K8PV32mWeR6BrLMHqhMbdiFCx7WJtzV
Authorization: Basic ZmQ6QmFja3RvMUE=
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.x 200 OK
Date: Tue, 18 Mar 2008 10:25:21 GMT
Server: Apache/2
Last-Modified: Tue, 18 Mar 2008 10:23:14 GMT
Etag: "1e0-448b38628a880"
Accept-Ranges: bytes
Content-Length: 480
Cache-Control: max-age=21600
Expires: Tue, 18 Mar 2008 16:25:21 GMT
P3P: policyref="http://www.w3.org/2001/05/P3P/p3p.xml"
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
----------------------------------------------------------



Fran├žois.

Received on Tuesday, 18 March 2008 10:33:59 UTC