- From: Sergey Shekyan <shekyan@gmail.com>
- Date: Sat, 14 Jan 2017 01:25:25 -0800
- To: Daniel Veditz <dveditz@mozilla.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Saturday, 14 January 2017 09:26:18 UTC
I am talking about tools that automate user agents, e.g. headless browsers (PhantomJS, SlimerJS, headless Chrome), Selenium, curl, etc. I mentioned navigation requests as don't see so far how advertising automation to non-navigation requests would help. Another option to advertise can be a property on navigator object, which would defer possible actions by authors to second request. On Sat, Jan 14, 2017 at 12:56 AM, Daniel Veditz <dveditz@mozilla.com> wrote: > On Fri, Jan 13, 2017 at 5:11 PM, Sergey Shekyan <shekyan@gmail.com> wrote: > >> I think that attaching a HTTP request header to synthetically initiated >> navigation requests (https://fetch.spec.whatwg.org/#navigation-request) >> will help authors to build more reliable mechanisms to detect unwanted >> automation. >> > > I don't see anything in that spec about "synthetic" navigation requests. > Where would you define that? How would you define that? Is a scripted > window.open() in a browser "synthetic"? what about an iframe in a page? > Does it matter if the user expected the iframe to be there or not (such as > ads)? What if the page had 100 iframes? > > Are you trying to solve the same problem robots.txt is trying to solve? If > not what kind of automation are you talking about? > > - > Dan Veditz > >
Received on Saturday, 14 January 2017 09:26:18 UTC