- From: Brendan Riordan-Butterworth <Brendan@iab.net>
- Date: Mon, 17 Sep 2012 21:26:52 +0000
- To: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>
- CC: "Roy T. Fielding" <fielding@gbiv.com>, Nicholas Doty <npdoty@w3.org>
Breaking it out, to make sure I have it right. The question is, given DNT states being sent to both first party and third party, can first party JavaScript have access to the DNT state being sent to the third party? Rigo, the question portion of your text seems to indicate that you expect the spec to indicate that it can, while the sentence portion of your text seems to indicate that it can't. Would you mind clearing that confusion up for me? To Roy, I'm pretty sure that the current language logically permits the following 4 scenarios: DNT:1 is sent to first party and all 3rd parties. This is the case when no exceptions are filed and the user has enabled the global DNT:1 flag. DNT:1 is sent to the first party and some 3rd parties. This is the case when some 3rd parties have web-wide exceptions. DNT:0 is sent to first party and all 3rd parties. This is the case when a site-wide exception has been granted. DNT:0 is sent to the first party and some 3rd parties. This is the case when fewer than all 3rd parties have been granted exceptions, either through site-specific or web-wide exceptions. Therefore the UA is allowed to send DNT:0 to the 1st party and DNT:1 to some 3rd parties, provided exceptions exist. However, I'm not absolutely sure about this understanding - you hint at another issue (which is highlighted in Issue 111), which indicates that DNT:0 means something different depending on whether the recipient is a first party or a 3rd party. So my read of the Exceptions section may be off. Thanks! /brendan. -----Original Message----- From: Rigo Wenning [mailto:rigo@w3.org] Sent: Monday, September 17, 2012 3:58 PM To: public-tracking@w3.org Cc: Roy T. Fielding; Nicholas Doty Subject: Re: action-241: Propose changes regarding issue-116 (and also "general preference") On Tuesday 11 September 2012 16:37:45 Roy T. Fielding wrote: > If the UA is allowed to send DNT:0 to the first party while it is > sending DNT:1 to subrequests, or allowed to send DNT:1 to a subrequest > for which an exception call was made and the exception granted, then > the API is useless. Wasn't the API defined this way so the first party could know which of its third party get an exception? Because the first party can't know if the browser sends DNT:0 to a third party. Rigo
Received on Wednesday, 19 September 2012 09:12:56 UTC