- From: Karl Dubost <karld@opera.com>
- Date: Tue, 22 Nov 2011 09:27:10 -0500
- To: "<public-tracking@w3.org> (public-tracking@w3.org)" <public-tracking@w3.org>
FYI, Another example of tainted uris. Just to have data on what is happening with regards to what exists on the Web. I need to reply to Bjoern on the thread. http://lists.w3.org/Archives/Public/public-tracking/2011Nov/thread.html#msg219 Here an hotel site, when requesting the URI, we receive a document creating a redirection at the document level, NOT HTTP. % curl http://www.nynyhotel.com/ HTTP/1.1 200 OK Date: Tue, 22 Nov 2011 14:18:26 GMT Server: Apache Last-Modified: Tue, 13 Sep 2011 08:28:11 GMT Accept-Ranges: bytes Content-Length: 238 Content-Type: text/html <html> <head> <meta http-equiv="refresh" content="0;url=http://clk.atdmt.com/MGM/go/kwbngmgm0010016098mgm/direct/01/?kbid=34362&m=619"> <title>New York New York Hotel & Casino</title> </head> <body bgcolor="#000000"> </body> </html> It creates a redirection without triggering a user choice. If we try to fetch this URI. We are redirected to a third site. This time at the HTTP level only. Go figure. %curl -sI "http://clk.atdmt.com/MGM/go/kwbngmgm0010016098mgm/direct/01/?kbid=34362&m=619" HTTP/1.1 302 Object moved Cache-Control: no-store Content-Length: 0 Expires: 0 Location: http://www.newyorknewyork.com/?kbid=34362&m=619 P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC" Set-Cookie: AA002=1321971546-11884351; expires=Thursday, 21-Nov-2013 00:00:00 GMT; path=/; domain=.atdmt.com Set-Cookie: MUID=3C92DA3819576A5B2457D88A1A576AF2; expires=Thursday, 21-Nov-2013 00:00:00 GMT; path=/; domain=.atdmt.com Set-Cookie: ach00=667e/7a7; expires=Thursday, 21-Nov-2013 00:00:00 GMT; path=/; domain=.atdmt.com Set-Cookie: ach01=96c57/7a7/210c478/667e/4ecbaf5a; expires=Thursday, 21-Nov-2013 00:00:00 GMT; path=/; domain=.atdmt.com Date: Tue, 22 Nov 2011 14:19:06 GMT Connection: close Let's try to fetch that. This time we receive the content. % curl -sI "http://www.newyorknewyork.com/?kbid=34362&m=619" HTTP/1.1 200 OK Date: Tue, 22 Nov 2011 14:22:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Cache-Control: private Content-Type: application/xhtml+xml; charset=utf-8 Content-Length: 25892 Via: 1.1 PRDMZSLBPri (Juniper Networks Application Acceleration Platform - DX 5.3.9 0) <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> Note: A user agent could when the user has activated DNT:1 cancels automatic redirection and asks the user for the redirection with a modal dialog. It would be an horrible UX for people. And people would not necessary know what it means in natural language or that if the redirection is on a tracker or not. -- Karl Dubost - http://dev.opera.com/ Developer Relations & Tools, Opera Software
Received on Tuesday, 22 November 2011 14:27:49 UTC