Re: Microsoft's "I mean it" content-type parameter

On Jul 3, 2008, at 9:04 AM, Justin James wrote:
> The *entire* Web is founded on sloppy programmers, what makes you think that
> this scenario is an exception? If browser vendors didn't create browsers
> that accepted any semi-reasonable slop served out, then the Web would still
> just be TBL and a few scientists who were used to Postscript being delighted
> at how "simple" HTML is (while the public has proven how hard it is to write
> valid HTML) to pass around their academic papers. :)

Whoa, talk about revisionist history.  There was no significant sloppiness
in content types on the web until after IE3 came out with that bug, and
the reason they did so had nothing to do with the content on servers.
It was just "simpler" for them to use the same algorithm regardless of
source (what everyone else calls a security hole).  It was only later,
when Netscape and other browsers had problems with content that was served
at sites that only use MSIE for authoring, that sniffing by other browsers
became common on the Web.

> But you are right about there being a chicken/egg issue here in my
> particular example. I am *positive* that Apache's behavior of throwing
> everything out at text/html unless explicitly specified otherwise with a
> MIME mapping or in the headers from a CGI had a lot to do with it, which
> Julian already explained.

No, it had nothing to do with it.  Apache sends text/plain by default
because that is the desired config for files with no type extensions
on Unix filesystems.  It comes from NCSA httpd history and is very hard
to deprecate without breaking valid content that has been correctly
configured.  In any case, it has only had a negative effect on new file
formats, not defined ones like HTML, and has no effect whatsoever on scripts.
I've never seen a script forget to set its own content-type.

> I don't think the proposal is a good one either, for the record. I also
> don't think it is a bad one. It doesn't break anything, and it extends the
> protocol in a way that does not cause any problems to existing stuff, and it
> will only be used by a small fraction of people.

On the contrary, if MSIE uses it to detect authoritative content, then
Apache will probably be changed to always send that parameter when
browser UA is MSIE.  Apache works around stupid browser bugs and
security holes in browsers, whether they like it or not.

....Roy

Received on Thursday, 3 July 2008 18:21:30 UTC