Re: Issue #356: Form-encode Expect-CT report bodies?

Anne van Kesteren <annevk@annevk.nl> Sat, 01 July 2017 14:21 UTC

From: Anne van Kesteren <annevk@annevk.nl>
Date: Sat, 01 Jul 2017 07:17:07 -0700
Message-ID: <CADnb78jKBihj6A4mhxhQg2k2OBg8PtBnkZ4KDn8WenJ2ftSxww@mail.gmail.com>
To: Patrick McManus <mcmanus@ducksong.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, Emily Stark <estark@google.com>, httpbis <ietf-http-wg@w3.org>
Subject: Re: Issue #356: Form-encode Expect-CT report bodies?
Archived-At: <http://www.w3.org/mid/CADnb78jKBihj6A4mhxhQg2k2OBg8PtBnkZ4KDn8WenJ2ftSxww@mail.gmail.com>

On Sat, Jun 10, 2017 at 2:19 AM, Patrick McManus <mcmanus@ducksong.com> wrote:
> Second, CORS clearly makes some distinction between UA content and
> content-content.. request headers for example. The notion being that the UA
> can effectively make at least some decisions about what will botch things up
> compared to what arbitrary JS might do.

There is some of that (Last-Event-ID from EventSource comes to mind,
not sure there is anything else really), but generally this is no
longer true and I think we should try not to go there.

Deciding on a case-by-case basis when it's okay to violate the
same-origin policy seems rather dangerous, especially as we don't seem
to have a set of guidelines to make those kinds of decisions.


-- 
https://annevankesteren.nl/