On Thu, Sep 13, 2012 at 7:48 AM, Eric Covener <cove...@gmail.com> wrote: > On Sat, Aug 11, 2012 at 3:51 AM, <field...@apache.org> wrote: >> Author: fielding >> Date: Sat Aug 11 07:51:52 2012 >> New Revision: 1371878 >> >> URL: http://svn.apache.org/viewvc?rev=1371878&view=rev >> Log: >> Apache does not tolerate deliberate abuse of open standards > > I've come around on this one over time. While I appreciate the > message/intent, I don't think this is reasonable for the default > configuration because it errs on the side of ditching a privacy header > and information loss for a (sensitive) header that we're not yet > interpreting. IMO it's enough even without this specific DNT text: > > "An HTTP intermediary must not add, delete, or modify the DNT header > field in requests forwarded through that intermediary unless that > intermediary has been specifically installed or configured to do so by > the user making the requests. For example, an Internet Service > Provider must not inject DNT: 1 on behalf of all of their users who > have not selected a choice." > > I'd like to revert it, but this is not yet a veto. I'd like to hear > what others think and would appreciate an ACK from Roy/Greg/Jim who > voted for the backport to avoid any churn.
I agree that it should be reverted. I don't think it is technically justifiable for the default conf to remove it for IE 10. I don't think any particular web server deployment that has the general intention of respecting DNT should unset it for IE 10. If the will exists within the group, an open letter to Microsoft could be posted on httpd.apache.org regarding IE 10 flouting the user choice intent of the DNT specification.
