On Thu, Sep 13, 2012 at 12:48 PM, Eric Covener <cove...@gmail.com> wrote:
> On Sat, Aug 11, 2012 at 3:51 AM,  <field...@apache.org> wrote:
>> Author: fielding
>> Date: Sat Aug 11 07:51:52 2012
>> New Revision: 1371878
>>
>> URL: http://svn.apache.org/viewvc?rev=1371878&view=rev
>> Log:
>> Apache does not tolerate deliberate abuse of open standards
>
> I've come around on this one over time.  While I appreciate the
> message/intent, I don't think this is reasonable for the default
> configuration because it errs on the side of ditching a privacy header
> and information loss for a (sensitive) header that we're not yet
> interpreting.  IMO it's enough even without this specific DNT text:
>
> "An HTTP intermediary must not add, delete, or modify the DNT header
> field in requests forwarded through that intermediary unless that
> intermediary has been specifically installed or configured to do so by
> the user making the requests. For example, an Internet Service
> Provider must not inject DNT: 1 on behalf of all of their users who
> have not selected a choice."

What about _this_ specific DNT text:

"The goal of this protocol is to allow a user to express their
personal preference regarding tracking to each server and web
application that they communicate with via HTTP, thereby allowing each
service to either adjust their behavior to meet the user's
expectations or reach a separate agreement with the user to satisfy
all parties.

Key to that notion of expression is that it MUST reflect the user's
preference, not the preference of some institutional or
network-imposed mechanism outside the user's control."

The header being removed does not conform to this requirement.

>
> I'd like to revert it, but this is not yet a veto.  I'd like to hear
> what others think and would appreciate an ACK from Roy/Greg/Jim who
> voted for the backport to avoid any churn.
