Re: [hybi] Additional HTTP headers on upgrade request?
Jamie Lokier <jamie@shareable.org> Wed, 21 July 2010 23:04 UTC
Return-Path: <jamie@shareable.org>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 756FB3A6857 for <hybi@core3.amsl.com>; Wed, 21 Jul 2010 16:04:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.256
X-Spam-Level:
X-Spam-Status: No, score=-2.256 tagged_above=-999 required=5 tests=[AWL=0.028, BAYES_00=-2.599, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TVn9BBXOhHC0 for <hybi@core3.amsl.com>; Wed, 21 Jul 2010 16:04:14 -0700 (PDT)
Received: from mail2.shareable.org (mail2.shareable.org [80.68.89.115]) by core3.amsl.com (Postfix) with ESMTP id AB4433A68F0 for <hybi@ietf.org>; Wed, 21 Jul 2010 16:04:08 -0700 (PDT)
Received: from jamie by mail2.shareable.org with local (Exim 4.63) (envelope-from <jamie@shareable.org>) id 1ObiKu-0000ix-9R; Thu, 22 Jul 2010 00:04:24 +0100
Date: Thu, 22 Jul 2010 00:04:24 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Ian Hickson <ian@hixie.ch>
Message-ID: <20100721230424.GC14589@shareable.org>
References: <n2s188fcbce1005071111kd19e6f41m861eaeb593d88475@mail.gmail.com> <4BE5994E.4010701@webtide.com> <u2n188fcbce1005092125veaf94306u249a225bdd3925ca@mail.gmail.com> <B8058102-9589-4663-976D-217B939667DD@apple.com> <Pine.LNX.4.64.1007210038520.7242@ps20323.dreamhostps.com> <20100721011221.GC27243@shareable.org> <Pine.LNX.4.64.1007212234440.7242@ps20323.dreamhostps.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.64.1007212234440.7242@ps20323.dreamhostps.com>
User-Agent: Mutt/1.5.13 (2006-08-11)
Cc: hybi@ietf.org
Subject: Re: [hybi] Additional HTTP headers on upgrade request?
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jul 2010 23:04:31 -0000
Ian Hickson wrote: > On Wed, 21 Jul 2010, Jamie Lokier wrote: > > > > The use case for User-Agent, normally determined by the client > > implementation (not the application running on top of the WebSocket > > API), is to provide servers with unreliable but pragmatically useful > > information about what client implementations are using the server. > > > > It is used for profiling, for general interest, for tracking what > > clients may need to be supported if there are particular issues to be > > avoided with some clients (such as a particular message that breaks one > > of them), for tracking when clients with particular workarounds on the > > server have fallen into sufficient misuse that the workarounds can be > > removed, and for implementing specific workarounds for particular > > recognised clients. > > > > Hopefully workarounds at the WebSocket framing level are unlikely to be > > commonly needed (although that might not be true if some clients have a > > small message size limit and particular server applications have to > > format their messages to accomodate this); but User-Agent turned out to > > be quite pragmatic in HTTP for dealing with client-specific issues that > > nobody had foreseen until they were too widely deployed to ignore or > > fix. > > This seems reasonable, but it also seems like something that we should > just push to the application layer, and that we can push to the > application layer with minimal incremental cost -- and indeed with some > side-benefits, like making the handshake simpler for people who don't need > this information, like preventing the problems that occured with HTTP's > User-Agent header (such as everything saying they're Mozilla), and like > giving authors more control over exactly what they want to check for (e.g. > some might only care about the rendering engine, others might care only > about the user's screen size, and by pushing it into the application layer > we allow the subprotocol designers to decide what is important to them). I'm thinking of when the people writing the server have no relationship with the people writing applications (so they can't fix applications), and need to handle client implemention issues (not application issues). For example suppose Yahoo provided a WebSocket-based access to their public YQL query system, and suppose ten thousand authors wrote client applications to run in the major browsers, and most of those applications were cut-and-pasted by other authors who used them without understanding how they work. Then suppose it was discovered that certain rare byte sequences or other low-level thing triggered a fault in Firefox 4.2.1, due to a Firefox implementation bug, fixed in 4.2.2. (That's the sort of ugly thing which HTTP User-Agent is used to work around). And suppose 4.2.1 was widely distributed and despite 4.2.2's availability, millions of users continued to use 4.2.1 for some years. If that happened, it would be in Yahoo's interest to avoid the problematic byte sequences somehow, as transparently as possible. They couldn't alter the client applications to send the browser version; issuing advice to authors would be slow to have effect, and anyway many deployed clients would have been cut-and-pasted, so even authors updating their code would be slow to have an effect. So in the absence of anything like User-Agent, Yahoo would have to implement some kind of dirty low-level workaround affecting all clients, despite only being needed for Firefox 4.2.1. I agree there's plenty of issues with User-Agent in the HTTP world; it's no panacea. But it has been pragmatically useful for working around HTTP low-level issues, such as breaking at certain response lengths, or when claiming to support a negotiated feature but actually being broken so the offer has to be ignored. I've no correct answer for this, only the observation that User-Agent has been pragmatically helpful in HTTP, despite the "everything pretends to be Mozzilla" . However I think it's more relevant if the handshake acquires feature negotiation, specifically to ignore feature offers from WebSocket implementations that are found to have buggy implementations of features. -- Jamie
- [hybi] Additional HTTP headers on upgrade request? Doug Simpkinson
- Re: [hybi] Additional HTTP headers on upgrade req… Greg Wilkins
- Re: [hybi] Additional HTTP headers on upgrade req… Doug Simpkinson
- Re: [hybi] Additional HTTP headers on upgrade req… Greg Wilkins
- Re: [hybi] Additional HTTP headers on upgrade req… Maciej Stachowiak
- Re: [hybi] Additional HTTP headers on upgrade req… Ian Hickson
- Re: [hybi] Additional HTTP headers on upgrade req… Jamie Lokier
- Re: [hybi] Additional HTTP headers on upgrade req… Greg Wilkins
- Re: [hybi] Additional HTTP headers on upgrade req… Greg Wilkins
- Re: [hybi] Additional HTTP headers on upgrade req… Willy Tarreau
- Re: [hybi] Additional HTTP headers on upgrade req… Willy Tarreau
- Re: [hybi] Additional HTTP headers on upgrade req… Ian Hickson
- Re: [hybi] Additional HTTP headers on upgrade req… Jamie Lokier
- Re: [hybi] Additional HTTP headers on upgrade req… Jamie Lokier
- Re: [hybi] Additional HTTP headers on upgrade req… Ian Hickson
- Re: [hybi] Additional HTTP headers on upgrade req… Willy Tarreau
- Re: [hybi] Additional HTTP headers on upgrade req… John Tamplin
- Re: [hybi] Additional HTTP headers on upgrade req… Simone Bordet
- Re: [hybi] Additional HTTP headers on upgrade req… Greg Wilkins