271 Matching Annotations
  1. Jul 2021
  2. datatracker.ietf.org datatracker.ietf.org
    1. Relationship to TCP and HTTP _This section is non-normative._ The WebSocket Protocol is an independent TCP-based protocol. Its only relationship to HTTP is that its handshake is interpreted by HTTP servers as an Upgrade request. By default, the WebSocket Protocol uses port 80 for regular WebSocket connections and port 443 for WebSocket connections tunneled over Transport Layer Security (TLS) [RFC2818].
    1. The difference between PUT and POST is that PUT is idempotent: calling it once or several times successively has the same effect (that is no side effect), whereas successive identical POST requests may have additional effects, akin to placing an order several times.
    1. Sending body/payload in a GET request may cause some existing implementations to reject the request — while not prohibited by the specification, the semantics are undefined. It is better to just avoid sending payloads in GET requests.
    2. Requests using GET should only be used to request data (they shouldn't include data).
    1. So long as the filters are only using GET requests to pull down links, there’s nothing fundamentally wrong with them. It’s a basic (though oft-ignored) tenet of web development that GET requests should be idempotent; that is, they shouldn’t somehow change anything important on the server. That’s what POST is for. A lot of people ignore this for convenience’s sake, but this is just one way that you can get bitten. Anyone remember the Google Web Accelerator that came out a while ago, then promptly disappeared? It’d pre-fetch links on a page to speed up things if you clicked them later on. And if one of those links happened to delete something from a blog, or log you out… well, then you begin to see why GET shouldn’t change things. So yes, the perfect solution to this is a 2-step unsubscribe link: the first step takes to you a page with a form on it, and that form then POSTs something back that finalizes the unsubscribe request.
    2. Idempotent just means that following a link twice has exactly the same effect on persistent state as clicking it once. It does not mean that following the link must not change state, just that after following it once, following it again must not change state further. There are good reasons to avoid GET requests for changing state, but that’s not what idempotent means.
    1. Each of them implements a different semantic, but some common features are shared by a group of them: e.g. a request method can be safe, idempotent, or cacheable.

      Which ones are in each group?

      Never mind. The answer is in the pages that are being linked to.

    2. request method can be safe, idempotent, or cacheable.
  3. Jun 2021
    1. And now let’s be even bolder still. What if every country in the world chose to be like Costa Rica in prioritizing human well-being, using its wealth for the well-being of its citizens?

      Unfortunately, there are some countries that will continue to experience unrest due poverty and inequality in the land. This can be attributed to the greediness of the leaders. The people in the leadership of such countries do not care about the well-being of their citizens. The wealth from the resources of the country are unequally distributed to alleviate poverty in some parts of the county while some individuals in the government embezzle funds. There are lack of basic needs not to mention the basic infrastructures for the survival of the citizens. This can have a huge negative impact on the Social Progress index/Global Growth.

    1. Handling 401s well is important for the user's experience. They won't happen often (though more often than I expected), but really do break everything if you're not careful. Getting a good authentication abstraction library for Vue or Ember or whatever you are using should help with a lot of the boring parts. You'll probably need to define some extra strategies/rules for this cookie session approach, but if it's anything like in ember-simple-auth they're so simple it feels like cheating, because the Rails app is doing all of the hard work and you just need the js part to spot a 401 and handle logging in and retrying whatever it was doing before.
    1. This status is sent with a WWW-Authenticate header that contains information on how to authorize correctly.
    2. The HTTP 401 Unauthorized client error status response code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource.
    1. Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource.
  4. May 2021
    1. The job of this function is to return a { status, headers, body } object representing the response, where status is an HTTP status code: 2xx — successful response (default is 200) 3xx — redirection (should be accompanied by a location header) 4xx — client error 5xx — server error
  5. Apr 2021
    1. op irrigation and drainage, multiple outdoor decks and terraces spanning more than 2,000 square feet, and a pool with a spa, according to the listing with Benjamin Illulian of Keller Williams. More: Jeff Bezos Drops $16 Million on Another Manhattan Pad to Create a ‘Vertical’ Dream Home Interior space is divided into four bedrooms, four bathrooms, formal living and dining rooms and an eat-in kitchen. The property is equipped with smart home appliances, and comes with 50 feet of curb frontage. Plus, it’s just steps away from popular shops and restaurants, the listing said. Mr. Illulian, who listed the property for $5.195 million in December 2019, didn’t respond to a request for comment. From: Penta Art Museums Given Leeway in Funding Mr. Legend, 41, a singer and music producer, and Ms. Teigen, 34, a model and TV personality, could not immediately be reached for comment. The couple recently purchased a Manhattan apartment—their second in the same building. Marshall Peck of Douglas Elliman, who represented the buyers in the deal, declined to comment.   if (!window.WEBUI_NEWSLETTERCARDS) { window.WEBUI_NEWSLETTERCARDS = []; } window.WEBUI_NEWSLETTERCARDS.push({ articleId: 'MG0000214176', state: {"data":{},"id":"mg/newsletterCard","context":{"newsletterId":"801","newsletter":{"_id":"5ec24a31d782d55d025c60ae","node_type":"newsletter","edition":"mansionglobal","section":"newsletters","id":"801","label":"Week in Review","description":"Shares the stories you may have missed from the world of luxury real estate","index":2,"previewURL":"","imageURL":"","addURL":"","addLabel":"","subOnly":false,"orderAlphabetic":"","options":"","disableSignup":false},"isLoggedIn":false,"hasFullNewsletterAccess":false,"hasFreeNewsletterAccess":false,"region":"na,us","editionId":"mansionglobal","returnLink":"https://www.mansionglobal.com"},"package":{"accessedContext":[],"nodes":{"0":{"component":{"id":"275181c7-8620-4df3-a008-d0cd9937db22","acceptsTypes":{},"isConditional":false,"$context":{},"decorators":["MGTheme"]},"children":["webUINewsletterCard-0.0"],"treeOrder":1,"name":"0","hierarchy":"0"},"webUINewsletterCard-0.0":{"component":{"content":{},"options":{"productId":200,"captchaSiteKey":"6LcmI7sUAAAAAF-vTKb3JIwIzz2CXCx8hJW0Ukis","origin":"articles_app","returnLink":"https://www.mansionglobal.com","editionId":"mansionglobal","content":{"data":{}}},"decorators":["MGTheme"],"id":"c7081dd6-0394-e7b2-1124-a02c2970agdf","acceptsTypes":{"newsletter_config_data":true},"isConditional":false,"$context":{"./content/newsletter":{"key":[".","content","newsletter"],"value":["#","newsletter"]},"./options/region":{"key":[".","options","region"],"value":["#","region"]},"./options/newsletterId":{"key":[".","options","newsletterId"],"value":["#","newsletterId"]},"./options/userEmail":{"key":[".","options","userEmail"],"value":["#","userEmail"]},"./options/loggedIn":{"key":[".","options","loggedIn"],"value":["#","isLoggedIn"]},"./options/hasFullNewsletterAccess":{"key":[".","options","hasFullNewsletterAccess"],"value":["#","hasFullNewsletterAccess"]},"./options/hasFreeNewsletterAccess":{"key":[".","options","hasFreeNewsletterAccess"],"value":["#","hasFreeNewsletterAccess"]},"./options/content/data/list":{"key":[".","options","content","data","list"],"value":["#","newsletter"]}}},"name":"webUINewsletterCard-0.0","treeOrder":2,"hierarchy":"0"}},"root":"0","states":{"nodes":[],"data":[],"hierarchy":{},"dedupeGroups":{},"components":{"code___decoratedComponent___275181c7-8620-4df3-a008-d0cd9937db22___MGTheme":{"id":"275181c7-8620-4df3-a008-d0cd9937db22","decorators":["MGTheme"]},"code___decoratedComponent___c7081dd6-0394-e7b2-1124-a02c2970agdf___MGTheme":{"id":"c7081dd6-0394-e7b2-1124-a02c2970agdf","decorators":["MGTheme"]}}},"refreshInterval":null},"currentState":{"data":[],"nodes":{},"hierarchy":{},"dedupeGroups":{},"components":{"code___decoratedComponent___275181c7-8620-4df3-a008-d0cd9937db22___MGTheme":{"id":"275181c7-8620-4df3-a008-d0cd9937db22","decorators":["MGTheme"]},"code___decoratedComponent___c7081dd6-0394-e7b2-1124-a02c2970agdf___MGTheme":{"id":"c7081dd6-0394-e7b2-1124-a02c2970agdf","decorators":["MGTheme"]}}}} }); Newsletter Sign-up Week in Review Shares the stories you may have missed from the world of luxury real estate PREVIEWSUBSCRIBE window.INITIAL_PROPS_NEWSLETTER_BOTTOM_COL = {} NEW LISTINGS SINGLE FAMILY HOME LOS ANGELES

      )

  6. Mar 2021
  7. Feb 2021
    1. Source maps eliminate the need to serve these separate files. Instead, a special source map file can be read by the browser to help it understand how to unpack your assets. It "maps" the current, modified asset to its "source" so you can view the source when debugging. This way you can serve assets in development in the exact same way as in production.
    1. When Sprockets was introduced, one of the opinions that it held strongly, is that assets such as CSS and JS should be bundled together and served in one file.
    2. The alternative was to have multiple scripts or stylesheet links on one page, which would trigger multiple HTTP requests. Multiple requests mean multiple connection handshakes for each link “hey, I want some data”, “okay, I have the data”, “alright I heard that you have the data, give it to me” (SYN, ACK, SYNACK). Even once the connection is created there is a feature of TCP called TCP slow start that will throttle the speed of the data being sent at the beginning of a request to a slower speed than the end of the request. All of this means transferring one large request is faster than transferring the same data split up into several smaller requests.
  8. Dec 2020
  9. Nov 2020
    1. GET is the primary mechanism of information retrieval and the focus of almost all performance optimizations.
    2. So before using GET with Body parameter, you must first ensure the servers are supporting it. It is possible that some servers might ignore the body of GET request or behavior like caching GET/HEAD requests might cause issues.
    3. A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request.
    1. All browers handle 302 incorrectly. Chrome 30, IE10. It became the de facto incorrect implementation; that cannot be changed because so many web-sites issue mistakenly issue 302. In fact ASP.net MVC incorrectly issues 302, depending on the fact that browsers handle it incorrectly.
  10. Oct 2020
    1. "Most Native Americans did not neatly distinguish between the natural and the supernatural. Spiritual power permeated their world and was both tangible and accessible"

      This shows how much more open Natives were to the super Naturaul unlike the Europeans who were more than likely christians.

    2. my first question: is what do they mean exactly by "kinship"?

      My second question is: what does the reading mean by Chiefdoms?

    3. "Food surpluses enabled significant population growth, and the Pacific Northwest became one of the most densely populated regions of North America"

      This is significant because it shows how succesful the natives were before the Europeans showed up and spread native European diseases to Natives.

    1. strict-origin: Only send the origin of the document as the referrer when the protocol security level stays the same (e.g. HTTPS→HTTPS), but don't send it to a less secure destination (e.g. HTTPS→HTTP).
  11. Sep 2020
  12. Aug 2020
    1. I don't think it should be the individual application's responsibility to add Cache-Control: Vary when that negotiation/routing is done by Rails on behalf of the app, do you?
    2. Expected behavior Response should include Vary: Accept to show that the response differs due to content negotiation. Actual behavior All responses are considered equal to the user agent, leading to caching issues. See these bugs:
    1. Yeah, so I believe what we want is.. If an action has no templates defined at all, AND it has no respond_to { ... } block, then it should do a 204 If an action has certain templates defined, AND it has no respond_to { ... } block, then it should do a 406 for formats with no templates If an action has a respond_to { ... } block, then it should do a 406 for formats not in the list
  13. May 2020
  14. Apr 2020
    1. “What other framework has integrated support for 786 TRY IT NOW ?”

      I couldn't find documentation of what this is referring to. Is it a custom HTTP status code?

      https://falcon.readthedocs.io/en/stable/api/status.html mentions

      HTTP status line, e.g. ‘748 Confounded by Ponies’. but not 786.

    2. When it comes to building HTTP APIs, other frameworks weigh you down with tons of dependencies and unnecessary abstractions. Falcon cuts to the chase with a clean design that embraces HTTP and the REST architectural style.
    1. This API uses request body in GET requests. For a long time this was prohibited in RFC2616 HTTP specification, but since RFCs 7230-7237, it is only discouraged, since older implementations could reject such requests. However, given that major APIs such as ElasticSearch's already implement GET with request bodies, there is precedence to such implementation.

      My first sighting of the sending a request body with get request.

    1. One mistake that we made when creating the import/export experience for Blogger was relying on one HTTP transaction for an import or an export. HTTP connections become fragile when the size of the data that you're transferring becomes large. Any interruption in that connection voids the action and can lead to incomplete exports or missing data upon import. These are extremely frustrating scenarios for users and, unfortunately, much more prevalent for power users with lots of blog data.
    1. Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field. The usual mechanism for folding HTTP headers fields (i.e., as defined in [RFC2616]) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such folding.

      "Fold" should be replaced with "combine" to make this paragraph consistent with the HTTP/1 specs (RFC 2616, RFC 7230).

      https://www.rfc-editor.org/errata/eid6093 https://stackoverflow.com/questions/3241326/

  15. Mar 2020
    1. I would standardize an RPOST (for reliable post) method which would either accept a message ID from the client or return a new URI with a message ID in it.

      The answer!

    2. we need to make certain that we set up our system so that multiple POSTs of the same data are not harmful

      This is the goal of this article.

    3. by definition it is safe to try again

      How safe is it really? No problem with GET but what other operations? How about re-sending the PUT message a month later?

    1. not cacheable, unless the response includes appropriate Cache-Control or Expires header fields

      To read more about Cache-Control header see: https://tools.ietf.org/html/rfc7234#section-5.2

    2. PUT method requests that the enclosed entity be stored
    1. If a server responds to a POST or other non-idempotent request with a 303 See Other response and a value for the location header, the client is expected to obtain the resource mentioned in the location header using the GET method
    2. to trigger a request to the target resource using the same method, the server is expected to provide a 307 Temporary Redirect response
  16. Feb 2020
  17. Dec 2019
    1. I understand that GitHub uses "Not Found" where it means "Forbidden" in some circumstances to prevent inadvertently reveling the existence of a private repository. Requests that require authentication will return 404 Not Found, instead of 403 Forbidden, in some places. This is to prevent the accidental leakage of private repositories to unauthorized users. --GitHub This is a fairly common practice around the web, indeed it is defined: The 404 (Not Found) status code indicates that the origin server did not find a current representation for the target resource or is not willing to disclose that one exists. --6.5.4. 404 Not Found, RFC 7231 HTTP/1.1 Semantics and Content (emphasis mine)
    1. If your only reason for using Axios is backward compatibility, you don’t really need an HTTP library. Instead, you can use fetch() with a polyfill like this to implement similar functionality on web browsers that do not support fetch(). To begin using the fetch polyfill, install it via npm command: npm install whatwg-fetch --save
    1. If you are using a JavaScript library, chances are it comes with a client HTTP API. jQuery’s $.ajax() function, for example, has been particularly popular with frontend developers. But as developers move away from such libraries in favor of native APIs, dedicated HTTP clients have emerged to fill the gap.
    1. Note that adding the X-Requested-With header makes the request "unsafe" (as defined by CORS), and will trigger a preflight request, which may not be desirable.
    2. It shouldn't be useful to distinguish between requests made by Ajax and other kinds of request. Pretty much any usecase where you'd want to do that is better served by using the Accept header to ask for data in a specific format.
  18. Oct 2019
    1. Is anyone aware of a lua http lib that supports keepalive?

      When sending a request you can pass the following keepalive settings which will keep the connection open:

      local http = require "resty.http"
      local httpc = http.new()
      httpc:connect("127.0.0.1", 9081)
      local response, err = httpc:request({
        path = "/proxy" .. ngx.var.request_uri, 
        method = "HEAD",
        headers = ngx.req.get_headers(),
        keepalive_timeout = 60,
        keepalive_pool = 10,
      })
      
    1. Programas efectivos de prevención e intervención en Bullying

      Múltiples y diversas intervenciones se han desarrollado para afrontar esta problemática (por ejemplo, Minton & O'Moore, 2008; Olweus, 1993; Smith, Ananiadou, & Cowie, 2003; Varela & Tijmes, 2008 entre otros). Sin embargo, a pesar de los numerosos programas existentes, solo unos pocos han demostrado ser efectivos. De hecho, los programas exitosos se caracterizan por abordar esta problemática en sus diversos niveles y no con actividades puntuales ni aisladas.

      Con respecto a la experiencia internacional, "Olweus Bullying Prevention Program", es uno de los programas pioneros en la intervención del Bullying (Olweus, 1993). Este programa se basa en un modelo comprensivo que opera en distintos niveles: escolar, sala de clases e individual. Tiene como objetivo reducir y eliminar tanto el Bullying directo como el indirecto, mejorar las relaciones de pares en el establecimiento educacional y crear las condiciones que permitan que tanto víctima como victimario logren funcionar mejor dentro y fuera de éste. Las estrategias del programa incluyen la promoción y creación de un ambiente positivo en todo el establecimiento educacional, donde la participación de los adultos (docentes y familias) es fundamental; y la creación de límites claros frente a la conductas que no son aceptadas dentro del contexto escolar, requiriendo que las sanciones que se aplican a los victimarios sean consistentes, no castigadoras e involucren un proceso de reflexión y reparación (Olweus, 2004). La evaluación de este programa indica que fue exitoso, disminuyendo en un 50% el autoreporte de Bullying (tanto de víctima como victimario), la incursión en otro tipo de conductas antisociales, y mejorando el clima escolar (Olweus, 2004).

      En Inglaterra se llevó a cabo el programa "Sheffield Anti-Bullying Project", inspirado en el programa de Olweus. Este programa busca desarrollar políticas institucionales en el establecimiento educacional que permitan detener la victimización por Bullying a nivel de toda la comunidad escolar, utilizando estrategias como el desarrollo de políticas integrales para detener la victimización, el desarrollo curricular para crear conciencia del problema, el trabajo individual, seguimiento y monitoreo tanto de la víctima como del agresor, modificación de los espacios físicos de riesgo, y el monitoreo permanente de los niveles de victimización dentro de la escuela. La evaluación del programa, llevado a cabo en cuatro establecimientos educacionales durante 18 meses, demostró que disminuyó el porcentaje de victimización (14% en primaria y 7% en secundaria), la tasa de agresión (12% en primaria y secundaria), y aumentaron las denuncias por agresión a los profesores (Smith, et al., 2003).

      El "Programa educativo de prevención de maltrato entre compañeros y compañeras" (SAVE) desarrollado en España, es otro ejemplo de programas con resultados exitosos. Este programa toma un modelo integral, preventivo, ecológico y comunitario e involucra a los alumnos, profesores, familia y comunidad. El programa no solo disminuyó las conductas de Bullying, sino que logró promover las relaciones interpersonales como un factor protector frente a la violencia escolar (Ortega, Del Rey, & Mora-Merchán, 2004).

      Por otra parte, Finlandia cuenta con el "Programa Anti-bullying Kiva" desarrollado en la Universidad de Turku y financiado por el Ministerio de Educación de este país, el cual presenta estrategias universales para prevenir situaciones de intimidación y, a su vez, detener la intimidación en curso. El programa contiene una serie de herramientas concretas para los educadores, lecciones para estudiantes, material de aprendizaje virtual, e indicaciones claras para los integrantes de la comunidad escolar para detener las situaciones de intimidación de manera efectiva (Salmivalli, Kärnä & Poskiparta, 2011; Kärnä, Voeten, Little, Poskiparta, Kaljonen & Salmivalli, 2011).

      Otros programas internacionales que han demostrado efectividad son el "Programa Apoyo Positivo al Estudiante" (Positive Behavior Support-PBS, Sprague & Golly, 2005) y los Programas Anti-bullying en Irlanda: "Programa ABC" (Minton & O'Moore, 2008). Todos se basan en una aproximación multinivel del fenómeno, la implementación de estrategias de prevención e intervención de manera sistemática, organizadas y planificadas a largo plazo. Así como también, la implementación de estrategias orientadas al desarrollo de un clima social escolar positivo y al fomento de habilidades socio-emocionales.

      En Chile, uno de los primeros programas en evaluar su efectividad fue el programa piloto "Aprendiendo Juntos", basado en el modelo de intervención del "Positive Behavior Support-PBS". Se implementó en un establecimiento educacional de la cuidad de Santiago, donde se logró disminuir en un 34,7%, los incidentes violentos entre los alumnos, medido a través de la disminución del promedio diario de alumnos derivados a inspectora1 en los años 2006 y 2007 (Varela, Tijmes & Sprague 2009). Otra experiencia chilena evaluada fue el Programa Recoleta en Buena implementado en 4 establecimientos educacionales donde se evaluó a 677 estudiantes el año 2006 y 553 el año 2008, de 5º básico a IVº medio. El programa logró disminuir el promedio de los reportes de violencia (víctimas, victimarios y testigos), salvo los reportes de violencia de tipo delictual (violencia más grave). Sin embargo, sus resultados reportaron efectividad a nivel primario permitiendo impactar en toda la comunidad escolar (Varela, 2011).

      Tanto la experiencia internacional como en Chile en la implementación de programas de prevención e intervención de violencia en las escuelas ha demostrado la importancia de abordar esta problemática desde un modelo ecológico (Orpinas, 2009). Es decir, que los programas presenten un abordaje integral, los cuales apunten a los distintos niveles del sistema escolar: políticas públicas, red educativa, familias, y personas, así como la interrelación entre estos niveles. Asimismo, las estrategias de intervención y de prevención deben ser organizadas, sistemáticas y planificadas a largo plazo. Estas estrategias deben estar orientadas a prevenir, intervenir y promover un clima social escolar positivo, incrementar la empatía, el desarrollo de las competencias sociales, la promoción de conductas prosociales, la resolución de conflictos y la mediación.

      A pesar de lo anterior, la experiencia ha demostrado que existe una escasez de estudios de efectividad sobre programas integrales de prevención del Bullying, a nivel de los países de Sudamérica. Es por esto que el presente artículo evalúa la efectividad de un programa de prevención e intervención de Bullying y Ciberbulling, basado en los lineamientos de los programas que han demostrado ser exitosos, en alumnas que cursan de 4º año básico a IVº año medio de un establecimiento educacional femenino de Santiago de Chile.

  19. Sep 2019
    1. Of course, as organizations disolve and mutate, there is nothing to stop one organization from taking over the support of  the archives another.  Forthis purpose, it would be very useful to have a syntax for putting a date into a domain name.  This would allow a system to find an archive server.  Imaging that, failing to find "info.cern.ch", one could search back and find an entry "info.cern.ch.1994" which pointed to www.w3.org as a current server holding archive information for info.cern.ch as it was in 1994, with, of course,  pointers to newer versions of the documents.

      This document talks about content negotiation being used to request an audio version of a resource, no protocol-level negotiation of time versioning appears here.

    1. On the other hand, a resource may be generic in that as a concept it is well specified but not so specifically specified that it can only be represented by a single bit stream. In this case, other URIs may exist which identify a resource more specifically. These other URIs identify resources too, and there is a relationship of genericity between the generic and the relatively specific resource.

      I was not aware of this page when the Web Annotations WG was working through its specifications. The word "Specific Resource" used in the Web Annotations Data Model Specification always seemed adequate, but now I see that it was actually quite a good fit.

  20. Jun 2019
  21. May 2019
  22. Apr 2019
  23. Mar 2019
  24. Feb 2019
  25. Jan 2019
  26. Oct 2018
    1. This document specifies version 1.0 of the Token Binding protocol. The Token Binding protocol allows client/server applications to create long-lived, uniquely identifiable TLS bindings spanning multiple TLS sessions and connections. Applications are then enabled to cryptographically bind security tokens to the TLS layer, preventing token export and replay attacks. To protect privacy, the Token Binding identifiers are only conveyed over TLS and can be reset by the user at any time.
    1. This document defines two new HTTP headers that enable User Agents and hosts to indicate and negotiate the profile used to represent a specific resource. In this context, a profile is a document describing the structural and/or semantic constraints of a group of documents in addition to the syntactical interpretation provided by a MIME type. Examples of profiles include Dublin Core Application Profiles, XML Schemata and RDF Shape Expressions. Further, it defines and registers the profile parameter for the HTTP Link header and suggests a best practice for the use of the new headers together with the Link header to perform content negotiation and point clients to alternate representations.
    1. The Hyper Text Coffee Pot Control Protocol (HTCPCP) is a protocol for controlling, monitoring and diagnosing coffee pots over a network. The Resource Description Framework (RDF) is a general-purpose language for representing information in the Web. This document defines HTCPCP Vocabulary in RDF in order to allow HTCPCP headers that have been exchanged between a client (in other words, a coffee addict) and a server (a networked device that can brew, store and deliver heated coffee beverages) to be recorded in RDF format. The objective of this vocabulary is to support quality assurance testing, and to serve as a machine-readable component in conformance claims and in reporting languages such as the Evaluation and Report Language (EARL) [EARL Schema].
    1. The HTTP-based Memento framework bridges the present and past Web. It facilitates obtaining representations of prior states of a given resource by introducing datetime negotiation and TimeMaps. Datetime negotiation is a variation on content negotiation that leverages the given resource's URI and a user agent's preferred datetime. TimeMaps are lists that enumerate URIs of resources that encapsulate prior states of the given resource. The framework also facilitates recognizing a resource that encapsulates a frozen prior state of another resource.
  27. Sep 2018
    1. felicity

      Felicity- That which causes or promotes happiness; a source of happiness, a blessing. The use of this word in this context is interesting as in it promotes a feeling or atmosphere of bliss.

    1. // Download a json but don't reveal who is downloading it fetch("sneaky.json", {referrerPolicy: "no-referrer"}) .then(function(response) { /* consume the response */ }); // Download a json but pretend another page is downloading it fetch("sneaky.json", {referrer: "https://example.site/fake.html"}) .then(function(response) { /* consume the response */ }); // You can only set same-origin referrers. fetch("sneaky.json", {referrer: "https://cross.origin/page.html"}) .catch(function(exc) { // exc.name == "TypeError" // exc.message == "Referrer URL https://cross.origin/page.html cannot be cross-origin to the entry settings object (https://example.site)." }); // Download a potentially cross-origin json and don't reveal // the full referrer URL across origins fetch(jsonURL, {referrerPolicy: "origin-when-cross-origin"}) .then(function(response) { /* consume the response */ }); // Download a potentially cross-origin json and reveal a // fake referrer URL on your own origin only. fetch(jsonURL, {referrer: "https://example.site/fake.html", referrerPolicy: "origin-when-cross-origin"}) .then(function(response) { /* consume the response */ });
    1. This document outlines Cross-Origin Read Blocking (CORB), an algorithm by which dubious cross-origin resource loads may be identified and blocked by web browsers before they reach the web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages. In most browsers, it keeps such data out of untrusted script execution contexts. In browsers with Site Isolation, it can keep such data out of untrusted renderer processes entirely, helping even against side channel attacks.