- From: Nicholas Doty <npdoty@w3.org>
- Date: Thu, 8 Mar 2012 15:53:47 -0800
- To: Kevin Smith <kevsmith@adobe.com>
- Cc: "VINCENT (VINCENT) TOUBIANA" <Vincent.Toubiana@alcatel-lucent.com>, Sid Stamm <sid@mozilla.com>, Tracking Protection Working Group WG <public-tracking@w3.org>
On Mar 8, 2012, at 2:17 PM, Kevin Smith wrote: >> As I understand it, an exception for "*" on a first-party site would imply that the user agent would send DNT:0 to every domain from which a resource was requested as part of loading the first-party page (including subsequent re-directs, iframes and XHR requests). > > I am not sure how to do this using current methodologies. Take a simple example. Site A has an exception for all 3rd parties and includes 3rd Party B which then includes 3rd Party C. 3rd Party C is requested from 3rd Party B, not Site A. How does the browser know that 3rd Party C's request originated from Site A? Certainly 3rd Part C probably knows from customized request parameters, but how does the browser map the request to its list of exceptions to even see the '*' associated with site A? I think this would be new functionality. We opened ISSUE-110 I believe specifically for this question (will user agents always be able to determine corresponding top-level-origin for all outgoing requests?) as Vincent was concerned that browsers or browser extensions might not be able to do this. I believe Sid informed us that browsers always could (whether it's a redirect, embedded iframe, XHR request, etc.) which is why it was closed -- Sid, can you confirm? It would seem to me that browsers could always determine what site (or browser tab, say) has initiated a request: when I close a browser window, the browser knows which requests to stop making. When the browser receives a response to an HTTP request, it knows which DOM gets the corresponding JavaScript events or which frame to load the parsed page into. Thanks, Nick
Received on Thursday, 8 March 2012 23:53:51 UTC