Re: Navigation Error Logging spec update from Chase Douglas on 2013-12-11 (public-web-perf@w3.org from December 2013)

From: Chase Douglas <chase@newrelic.com>
Date: Wed, 11 Dec 2013 10:46:38 -0800
To: Arvind Jain <arvind@google.com>
Cc: "Aaron Heady (BING AVAILABILITY)" <aheady@microsoft.com>, public-web-perf <public-web-perf@w3.org>
Message-ID: <CAKNWE6H3X_i6aGyzLO2pDDQ+_dun9=vXW9Fc3g85qQbR0WoV8g@mail.gmail.com>

One thing I've noticed in the timeline specs, so not just this spec, is
that it is not easy to match up a timeline event entry with a specific
request. If I hit the same endpoint twice, but one time it errors with one
reason, and the other time it errors for a different reason, I don't really
know which failed why unless I track the chronologic order of requests. Has
there been any discussion about this issue?


On Mon, Dec 9, 2013 at 6:03 PM, Arvind Jain <arvind@google.com> wrote:

> I think we should not retry the logging fetch. I hope that addresses the
> DDOS issue.
>
> Arvind
>
>
> On Mon, Dec 9, 2013 at 10:06 AM, Aaron Heady (BING AVAILABILITY) <
> aheady@microsoft.com> wrote:
>
>>  At some point we discussed how the UA should behave if it is a private
>> browsing session. It should likely not log anything. Does that need to be
>> alluded to in 5 Privacy and Security?
>>
>>
>>
>> Looking at *enableNavigationErrorReporting. *This looks like it could
>> spiral out of control if both the content origin and the logging origin is
>> host on the same architecture. For example:
>>
>>
>>
>> A request to http://example.com results in a HTTP 500 because of a bug
>> on the origin when it is under too much load (DDOS, internal capacity
>> issue, etc). The UA formats a NavigationErrorEntry and prepares to send it
>> to http://example.com/logging. That in turn results in a 500 error, and
>> increases the load on the origin.
>>
>>
>>
>> Should there be some back off logic? If a logging fetch fails, don’t try
>> again for n*2 seconds, doubling as it continues to fail. If a logging fetch
>> fails, does it retry? That is getting into the beacon logic, but it seems
>> like if we are going to allow some global set of UA’s to automatically send
>> logging fetches during errors, then we need some idea to limit how much
>> further impact they could cause, or it is DDOS waiting to happen.
>>
>>
>>
>> Aaron
>>
>>
>>
>>
>>
>> *From:* Arvind Jain [mailto:arvind@google.com]
>> *Sent:* Sunday, December 8, 2013 11:32 AM
>> *To:* public-web-perf
>> *Subject:* Re: Navigation Error Logging spec update
>>
>>
>>
>> Checking in.
>>
>>
>>
>> Do folks have any comments on the draft?
>>
>>
>>
>> Arvind
>>
>>
>>
>> On Fri, Nov 29, 2013 at 6:25 PM, Arvind Jain <arvind@google.com> wrote:
>>
>>  I added two methods to the interface to allow reporting of errors in
>> real time to a report url as per *ACTION-117 -* *Add method to allow
>> ability to send to a third party url.*
>>
>>
>>
>>
>> https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/NavigationErrorLogging/Overview.html
>>
>>
>>
>> Please review and let me know if you have any concerns.
>>
>>
>>
>> Arvind
>>
>>
>>
>
>

Received on Wednesday, 11 December 2013 18:47:06 UTC