- From: イアンフェッティ <ifette@google.com>
- Date: Wed, 24 Oct 2012 10:32:31 -0700
- To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
- Message-ID: <CAF4kx8d97zjYLa6Jm4FsKff=0GULG2f7qtJLNuidwrtmF18CNQ@mail.gmail.com>
If multiple pieces of software are trying to set a DNT value, there is a very real chance that servers will end up with mixed messages. The most probable instance of this in my opinion is the case where a user agent sends a particular value of the DNT header, some other entity changes the value of this DNT header, and then JavaScript running inside of the UserAgent queries such APIs as may be available to it and receives indications that are not consistent with the header value they received. What I would propose as text is the following: Web servers need to be able to determine whether they are receiving a request where DNT is enabled or not enabled. This specification provides multiple ways for a server to make such a determination, including a value sent in a header as well as various JavaScript APIs. Software (be it a user agent, intermediary, or any other class of software) MUST NOT change DNT from enabled to not enabled, or vice versa, unless it can ensure that the server receives consistent information regardless of which method provided by this specification the server uses to determine whether DNT is enabled or not enabled. Specifically, software MUST NOT cause a situation in which the value of the DNT header disagrees with the DOM interfaces provided for by this specification. For user agents that show information related to DNT in their user interface, confusion is created for the user when this information is not correct. As an example, a user agent might choose to show an indication that a website has received an exception from the user and that as a result, DNT is not enabled for the site. If a second piece of software were to modify the request in such a way as to enable DNT but the user agent still showed an indication that DNT was not enabled as a result of an exception, this would lead to confusion for the user. As such, software (be it a user agent, intermediary, or any other class of software) MUST NOT change DNT from enabled to not enabled, or vice versa, unless it can ensure that there are no indications shown to the user as part of the User Agent that would be rendered incorrect by this action. Non-normative text: If the user agent provided APIs to interact with the state of DNT, this would be one such way to ensure that user agent indications to both the user and server are consistent in all cases. Otherwise, software wishing to interact with DNT signals need to take extra care not to confuse either users or servers by paying particular attention to the DOM interfaces in Section 4.2 as well as being aware of whatever user interface a particular version of a particular user agent may provide. -Ian
Received on Wednesday, 24 October 2012 17:33:00 UTC