Guidelines for Web Content Transformation Proxies 1w

1 Introduction (Non-Normative)

1.1 Purpose

~~From the point of view of~~ Within this ~~document,~~ document Content Transformation is refers to the manipulation ~~in various ways, by proxies,~~ of requests ~~made to~~ to, and ~~content delivered by~~ responses from, an origin ~~server with a view~~ server. This manipulation is carried out by proxies in order to provide a better user experience of content that would otherwise result in an unsatisfactory experience on the device making ~~it more suitable for mobile presentation.~~ the request.

The W3C ~~MWI BPWG~~ Mobile Web Best Practices Working Group neither approves nor disapproves of Content Transformation, but recognizes that is being deployed widely across mobile data access networks. The deployments are widely divergent to each other, with many non-standard HTTP implications, and no well-understood means either of identifying the presence of such transforming proxies, nor of controlling their actions. This document establishes a framework to allow that to happen.

The overall objective of this document is to provide a means, as far as is practical, for users to be provided with at least a "functional user experience" [Device Independence Glossary] of the Web, when mobile, taking into account the fact that an increasing number of content providers create experiences specially tailored to the mobile context which they do not wish to be altered by third parties. Equally it takes into account the fact that there remain a very large number of Web sites that do not provide a functional user experience when perceived on many mobile devices. The document describes how the origin server may request conforming transforming proxies not to alter HTTP requests and responses, as well as describing control options that a transforming proxy offers users. A more extensive discussion of the requirements for these guidelines can be found in "Content Transformation Landscape" [CT Landscape] .

1.2 Audience

The audience for this document is creators of Content Transformation ~~proxies,~~ proxies and purchasers and operators of such ~~proxies and~~ proxies. The document also contains non-normative guidance for content providers whose services may be accessed by means of such proxies.

1.3 Scope

The recommendations in this document refer only to "Web browsing" - i.e. access by user agents that are intended primarily for interaction by users with HTML Web pages (Web ~~browsers). Note: The document is not intended as guidelines for delivery~~ browsers) using HTTP. Clients that interact with proxies using mechanisms other than HTTP (and that typically involve the download of ~~WAP/WML. Some~~ a special client) are out of ~~its recommendations may,~~ scope, and are considered to be a distributed user agent. Proxies which are operated in ~~some circumstances , disrupt~~ the ~~delivery~~ control of ~~WML.~~ or under the direction of the operator of an origin server are similarly considered to be a distributed origin server and hence out of scope.

The ~~BPWG~~ W3C Mobile Web Best Practices Working Group (BPWG) is not chartered to create new ~~technology,~~ technology - its role is to advise on best practice for use of existing technology. In satisfying Content Transformation requirements, existing HTTP ~~headers,~~ header fields, directives and behaviors must be respected, and as far as is practical, no extensions to [RFC 2616 HTTP] are to be used.

The recommendations in this document refer to interactions of a proxy and do not refer to any presumed aspects of the internal operation of the proxy. For this reason, the document does not discuss use of "allow" and "disallow" lists (though it does discuss behavior that is induced by the implementation of such lists). In addition it does not discuss details of how transformation is carried out except if this is reflected in interoperability. For this reason, it does not discuss the insertion or insertion of headers and footers or any other specific behaviors (though it does discuss the need for essential user interaction of some form).

1.4 Principles

1.4.1 IAB Considerations

The BPWG made reference to Internet Architecture Board (IAB) work on "Open Pluggable Edge Services" [RFC 3238 OPES] for various principles that underlie behavior of proxies. In this work the IAB expressed its concerns about privacy, control, monitoring, and accountability of such services.

1.4.2 Priority of Intention

The Web allows users considerable flexibility in respect of the representation of content. At the same time, Content Providers may have a preferred manner in which they wish their content to be represented. Content Transformation must reconcile these contrasting factors. In creating this Recommendation the BPWG has determined that Content Transformation proxies should respect Content Providers intentions, where they are expressed, but may allow users to choose other representations, except where Content Providers specifically prohibit this.

The BPWG recognizes that there is neither a systematic vocabulary for Content Provider Intentions, nor a systematic means of expression of such intentions. There is scope for further work in this area (see J Scope for Future Work ).

2 Terminology (Normative)

2.1 Types of Proxy

Alteration of HTTP requests and responses is not prohibited by HTTP other than in the circumstances referred to in [RFC 2616 HTTP] Section 13.5.2 and Section 14.9.5 .

HTTP defines two types of proxy: transparent proxies and non-transparent proxies. As discussed in [RFC 2616 HTTP] Section 1.3, Terminology :

[ ~~Definition :~~ "A transparent proxy is a proxy that does not modify the request or response beyond what is required for proxy authentication and ~~identification."] [~~ identification. ~~Definition : "A~~ A ~~non transparent~~ non-transparent proxy is a proxy that modifies the request or response in order to provide some added service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity ~~filtering.]~~ filtering. Except where either transparent or non-transparent behavior is explicitly stated, the HTTP proxy requirements apply to both types of proxies."

This document elaborates the behavior of ~~non transparent~~ non-transparent proxies, when used for Content Transformation in the context discussed in [CT Landscape] . Editorial Note: The BPWG requests feedback on the degree to which it is necessary to distinguish between Content Transformation proxies that interact with user agents using HTTP, and other types of arrangements where a (proprietary) client application interacts with an in-network component using other techniques.

2.2 Types of Transformation

Transforming proxies can carry out a wide variety of operations. In this document we categorize these operations as follows:

Alteration of Requests
Transforming proxies process requests in a number of ways, especially replacement of various request ~~headers~~ header fields to avoid HTTP 406 Status responses ~~(the~~ (if a server can not provide content in that is compatible with the ~~format requested)~~ original HTTP request header fields) and at user request.
Alteration of Responses
There are three classes of operation on responses:

~~2.3 Interpretation of RFC 2119 Key Words~~

This document is not normative Need link to definition and it is inappropriate to claim conformance to it. Implementors of this Recommendation who wish to promote effective inter operability of Web content will, however, interpret the key words must , must not , required , shall , shall not , should , should not , recommended , may , and optional in this Recommendation as described in ~~[RFC 2119] .~~

3 Requirements Conformance (Normative)

3.1 Summary Classes of Requirements Product

The ~~purpose of this section is to summarize the communication requirements~~ Content Transformation Guidelines specification has one class of ~~actors (transforming proxies, origin servers, and to some extent users) to communicate with each other. The relevant scenario involving a content transformation proxy is as follows:~~ products:

Transformation Deployment: ~~Note:~~
A Transformation Deployment is the provision of ~~The interactions~~ non-transparent components in the path of ~~several transformation proxies~~ HTTP requests and responses. Provisions that are ~~encompassed by~~ applicable to a Transformation Deployment are identified in this ~~document, but only~~ document by use of the term "transforming proxy" or "proxy" in ~~a rudimentary form.~~ the singular or plural.

The needs of these actors are as follows: 3.2 Normative and Informative Parts

~~The user agent needs to be able to tell~~ Normative parts of this document are identified by the ~~Content Transformation proxy and~~ use of "(Normative)" following the ~~origin server:~~ section name. Informative parts are identified by use of "(Non-Normative)" following the section name.

~~what type of mobile device and what user agent is being used;~~

that all Content Transformation should be avoided. 3.3 Normative Language for Conformance Requirements

The ~~Content Transformation proxy needs to be able to tell~~ key words must , must not , required , shall , shall not , should , should not , recommended , not recommended , may , and optional in this Recommendation have the ~~origin server:~~ meaning defined in [RFC 2119] .

that some degree of Content 3.4 Transformation ( restructuring and recoding Deployment Conformance ) can be performed; that Content Transformation will be carried out unless requested not to; that content is being requested on behalf of something else and what that something else is;

~~that the request headers have been altered (e.g. additional content types inserted).~~ ~~The origin server needs to be able to tell the Content~~ A Transformation ~~proxy: that it varies its presentation according to device type and other factors; that it is permissible (or not)~~ Deployment conforms to ~~perform Content Transformation of various kinds; that~~ these guidelines if it ~~has media-specific representations; that is unable or unwilling to deal with~~ follows the ~~request~~ statements in ~~its present form.~~ ~~The Content~~ 3.4 Transformation ~~proxy needs to be able to tell the user agent:~~ Deployment Conformance , ~~that it has applied transformations~~ 4.1 Proxy Forwarding of ~~various kinds to the content. The Content Transformation proxy needs to be able to interact with the user:~~ Request ~~to allow the user to disable its features;~~ , ~~to alert the user to the fact that it has transformed content and to allow access to an untransformed representation~~ 4.2 Proxy Forwarding of ~~the content.~~ Response to User Agent ~~3.2 Control of the Behavior of the Proxy~~ and 5 Testing (Normative) .

A ~~transforming proxy as described in this document~~ Transformation Deployment that wishes to claim conformance must ~~offer~~ make available a ~~level of control to users and to origin servers with which it communicates.~~ conformance statement B Conformance Statement ~~3.2.1 Control by~~ that specifies the ~~User Transforming proxies~~ reasons for non-compliance with any clauses containing the key words " should ~~provide~~ " and " should not ", " recommended " and " not recommended ".

Conformance statements must be sent to ~~their users:~~ public-content-transformation-conformance@w3.org . Public archives of this list may be found at http://lists.w3.org/Archives/Public/public-content-transformation-conformance/ .

an indication that the content being viewed has been transformed for mobile presentation; 4 Behavior of Components (Normative)

~~an option to view the original, unmodified content.~~

They may also provide the ability for their users to make a persistent or semi-persistent expression of preferences. Examples of such settings are "Never transform", "Always request desktop presentation", "Transform only if necessary to avoid mis-operation" and "Compress where possible". Editorial Note: The BPWG is studying how to clarify the scope 4.1 Proxy Forwarding of "persistent" and "semi-persistent". Request

3.2.2 Control by Server 4.1.1 Applicable HTTP Methods

~~Transforming proxies~~ Proxies ~~must~~ should not ~~allow origin servers to control the Content Transformation process. The control mechanisms include use of HTTP conventions as discussed~~ intervene in ~~the following section ( 4 Behavior of Components ). 3.2.3 Control by Administrative or Other Arrangements.~~ methods other than GET, POST, HEAD.

~~The preferences~~ User agents sometimes issue HTTP HEAD requests in order to determine if a resource is of ~~users and~~ a type and/or size that they are capable of ~~servers~~ handling. A transforming proxy may ~~be ascertained by means outside the scope of this document, for example: the use by transforming proxies of~~ convert a ~~disallow list of Web sites for which Content Transformation is known~~ HEAD request into a GET request (in order to ~~diminish the user experience of content or be ineffective;~~ determine the ~~use by transforming proxies of an allow list of Web sites for which Content Transformation is known to be necessary; terms and conditions~~ characteristics of ~~service, as agreed between~~ a transformed response that it would return if the user ~~and~~ agent subsequently issued a GET request for the ~~Content Transformation service provider. Note:~~ same resource).

~~Allow and disallow lists generally cause intractable problems for content providers since there~~ If the HTTP method is ~~no mechanism for them~~ altered from HEAD to ~~establish which lists they~~ GET, proxies should ~~be on, nor any generic mechanism though which they can check or change their status. 3.2.4 Resolving Conflicting Instructions There~~ (providing such action is in accordance with normal HTTP caching rules) cache the ~~possibility for conflict between the desires of the content provider and the desires of users of~~ response so that ~~content. This document sets out to provide~~ a ~~framework within which,~~ second GET request for ~~matters of presentation, the desires of~~ the same content ~~provider are usually accommodated but, where necessary, the user may expressly override those desires with their preferences. 4 Behavior of Components~~ is not required (see also 4.1.4 Serving Cached Responses ~~4.1 Proxy Treatment of Request~~ ).

Other than to convert between HEAD and GET proxies must not alter request methods.

4.1.1 4.1.2 `no-transform` directive in Request

If the request contains a Cache-Control: no-transform ~~directive the proxy~~ directive, proxies must not ~~forward~~ alter the request ~~unaltered to the server,~~ other than to comply with transparent HTTP behavior ~~and~~ defined in ~~particular~~ [RFC 2616 HTTP] sections section 14.9.5 and section 13.5.2 and to add ~~a Via~~ header fields as described in 4.1.6 Additional HTTP ~~header.~~ Header Fields below.

Note:

An example of the use of Cache-Control: no-transform is the issuing of asynchronous HTTP requests, perhaps by means of XMLHttpRequest [XHR] , which may include such a directive in order to prevent transformation of both the request and the response.

~~Irrespective of the presence~~

4.1.3 Treatment of a no-transform directive: Requesters that are not Web browsers

~~the proxy should add the IP address of the initiator~~ Before altering aspects of ~~the~~ an HTTP request proxies need to ~~the end~~ take account of ~~a comma separated list in an X-Forwarded-For HTTP header;~~ the ~~proxy must behave transparently unless it is able positively to determine~~ fact that ~~the user agent~~ HTTP is ~~a Web browser. The mechanism by which the proxy recognizes the user agent~~ used as a ~~Web browser should use evidence from the~~ transport mechanism for many applications other than "Traditional Browsing". Alteration of HTTP ~~request, in particular the User-Agent and Accept headers.~~ requests for those applications can cause serious misoperation.

4.1.2 Proxy Decision to Transform 4.1.4 Serving Cached Responses

~~If there is no no-transform directive present~~ Aside from the usual caching procedures defined in [RFC 2616 HTTP] , in some circumstances, proxies may paginate responses and where this is the case a request may be for a subsequent page of a previously requested resource. In this case proxies may for the ~~proxy~~ sake of consistency of representation serve stale data but when doing so should ~~analyze whether it intends to offer transformation services by referring to: any knowledge it has of~~ notify the user ~~preferences;~~ that this is the case and must provide a simple means of retrieving a fresh copy.

any knowledge it has 4.1.5 Alteration of user agent capabilities (including linearization and zoom); HTTP Header Field Values

~~any prior knowledge it has of server behavior, derived~~ Aside from ~~previous interaction with~~ the ~~server - and~~ usual procedures defined in ~~particular to preserve the consistency of user experience across a sequence of related requests;~~ [RFC 2616 HTTP] proxies should not modify the ~~HTTP method~~ values of header fields other than the ~~request.~~ User-Agent,Accept,Accept-Charset,Accept-Encoding, and Accept-Language header fields and must not delete header fields. It must be possible for the server to reconstruct the original User Agent originated header fields by copying directly from the corresponding X-Device header field values (see 4.1.5.5 Original Header Fields ).

~~Proxies~~ Other than to comply with transparent HTTP operation, proxies should not ~~alter HTTP requests unless:~~ modify any request header fields unless one of the following applies:

~~unaltered headers~~ the user would be prohibited from accessing content as a result in of the ~~user's request being rejected by~~ server responding that the ~~origin server; an unaltered~~ request ~~body~~ is ~~not consistent with the origin server's requirements in respect~~ "unacceptable" (see 4.2.5 Server Rejection of ~~Internet content type or character encoding (as may happen, for example, if the proxy has transformed an HTML form that results in this request);~~ HTTP Request );
the user has specifically requested a restructured ~~version~~ desktop experience (see 4.1.5.3 User Selection of Restructured Experience );
the request is part of a ~~desktop presentation.~~ sequence of requests to the same Web site and either it is technically infeasible not to adjust the request because of earlier interaction, or because doing so preserves consistency of user experience.

These circumstances are detailed in the following sections.

Note: ~~Rejection~~

In this section, the concept of ~~a request by a server~~ "Web site" is ~~taken to mean both a HTTP 406 Status as well~~ used (rather than "origin server") as ~~HTTP 200 Status, with content indicating that~~ some origin servers host many different Web sites. Since the ~~request cannot be handled - e.g. "Your browser~~ concept of "Web site" is not ~~supported"~~ strictly defined, proxies should use heuristics including comparisons of domain name to assess whether resources form part of the same "Web site".

~~Editorial~~

Note:

The ~~BPWG is studying heuristics for~~ URI referred to in the request plays no part in determining ~~when a response with a 200 Status should be treated as a response with a 406 Status.~~ whether or not to alter HTTP request header field values. In particular the patterns mentioned in 4.2.9 Proxy Decision to Transform are not material.

4.1.5.1 Content Tasting

~~Proxies~~ The theoretical idempotency of GET requests is not always respected by servers. In order, as far as possible, to avoid misoperation of such content, proxies should ~~not~~ ~~intervene in methods other than GET, POST, HEAD~~ avoid issuing duplicate requests and ~~PUT. User agents sometimes~~ specifically should not issue ~~HTTP HEAD~~ duplicate requests ~~in order to determine if a resource is of a type and/or size that they are capable of handling.~~ for comparison purposes.

4.1.5.2 Avoiding "Request Unacceptable" Responses

A ~~transforming~~ proxy may ~~convert~~ reissue a ~~HEAD~~ request ~~into~~ with altered HTTP header field values if a ~~GET~~ previous request ~~if it requires the response body to determine the characteristics of~~ with unaltered values resulted in the ~~transformed response that it would return were~~ origin server rejecting the ~~user agent subsequently to issue a GET~~ request ~~for that content. In this case, the~~ as "unacceptable" (see 4.2.5 Server Rejection of HTTP Request ). A proxy ~~should (providing such action is~~ may apply heuristics of various kinds to assess, in ~~accordance with normal HTTP caching rules) cache~~ advance of sending unaltered header field values, whether the ~~response so that it is not required to send a second GET~~ request is likely to ~~the server. If, as~~ cause a ~~result of carrying out~~ "request unacceptable" response. If it determines that this ~~analysis the proxy remains unaware of the server's preferences and capabilities~~ is likely then it ~~should : Issue a request with~~ may alter header field values without sending unaltered ~~headers and examine~~ values in advance, providing that it subsequently assesses the response ~~(see~~ as described under ~~4.4 Proxy Response to User Agent~~ 4.2.6 Receipt of Vary HTTP Header Field ~~); If it~~ below, and is ~~still in doubt, issue a~~ prepared to reissue the request with ~~altered headers~~ unaltered header fields, and alter its subsequent behavior in respect of the Web site so that unaltered header fields are sent.

~~The~~ A proxy must not ~~issue~~ reissue a ~~POST/PUT~~ POST request with altered ~~headers~~ header fields when the response to the unaltered ~~POST/PUT~~ POST request has HTTP status code 200 (in other words, it may only send the altered request for a POST/PUT request when the unaltered one ~~was refused with a~~ resulted in an HTTP 406 ~~status). The theoretical idempotency of GET requests is~~ response, and not ~~always respected~~ a "request unacceptable" response).

4.1.5.3 User Selection of Restructured Experience

Proxies must assume that by ~~servers. In order, as far as possible,~~ default users will wish to ~~avoid mis-operation~~ receive a representation prepared by the Web site.

Proxies may offer users an option to choose to view a restructured experience even when a Web site offers a choice of user experience. If a user has made such ~~content,~~ a choice then proxies ~~should~~ may ~~avoid issuing duplicate requests~~ alter header field values when requesting resources in order to reflect that choice, but must , on receipt of an indication from a Web site that it offers alternative representations (see H.1.4.2 Indication of Intended Presentation Media Type of Representation ), inform the user of that and ~~specifically~~ allow them to select an alternative representation.

Proxies must assess whether a user's expressed preference for a restructured representation is still valid if a Web site changes its choice of representations (see 4.2.6 Receipt of Vary HTTP Header Field ).

4.1.5.4 Sequence of Requests

When requesting resources that are included resources (e.g. style sheets, images), proxies should make the request for such resources with the same User-Agent header field as the request for the resource from which they are referenced.

For the purpose of consistency of representation, proxies may request linked resources (e.g. those referenced using the a element) that form part of the same Web site as a previously requested resource with the same header fields as the resource from which they are referenced.

When requesting linked resources that do not form part of the same Web site as the resource from which they are linked, proxies should not ~~issue duplicate requests~~ base their choice of header fields on a consistency of presentation premise.

4.1.5.5 Original Header Fields

When forwarding an HTTP request with altered HTTP header fields, in addition to complying with the rules of normal HTTP operation, proxies must include in the request copies of the unaltered header field values in the form "X-Device-"<original header name>. For example, if the User-Agent header field has been altered, an X-Device-User-Agent header field must be added with the value of the received User-Agent header field.

Specifically the following mapping must be used:

Original	Replacement	Ref
`User-Agent`	`X-Device-User-Agent`	RFC2616 Section 14.43
`Accept`	`X-Device-Accept`	RFC2616 Section 14.1
`Accept-Charset`	`X-Device-Accept-Charset`	RFC2616 Section 14.2
`Accept-Encoding`	`X-Device-Accept-Encoding`	RFC2616 Section 14.3
`Accept-Language`	`X-Device-Accept-Language`	RFC2616 Section 14.4

Note:

The X-Device- prefixed header names listed in this section have been provisionally registered with IANA (see Provisional Message Header Field Names ).

Note:

The X-Device- prefix was chosen primarily on the basis that this is an already existing convention. It is noted that the values encoded in such header fields may not ultimately derive from a device, they are merely received fields. The treatment of received X-Device header fields, which may happen where there are multiple transforming proxies, is undefined (see J Scope for ~~comparison purposes.~~ Future Work ).

4.1.3 Proxy Indication 4.1.6 Additional HTTP Header Fields

Irrespective of ~~its Presence~~ the presence of a no-transform directive:

proxies should add the IP address of the initiator of the request to ~~Server~~ the end of a comma separated list in an X-Forwarded-For HTTP header field;
~~The proxy~~ proxies must include a Via HTTP header field (see 4.1.6.1 Proxy Treatment of Via Header Field ).

4.1.6.1 Proxy Treatment of `Via` Header Field

Proxies must (in accordance with ~~compliance to~~ RFC 2616) include a Via HTTP header field indicating ~~its presence. The proxy~~ their presence and should indicate ~~its presence and capabilities~~ their ability to transform content by including a comment in the Via HTTP header field consisting of the URI ~~"http://www.w3.org/2008/04/ct". Editorial Note1k: Need to put something at the end of the rainbow in case the URI is ever resolved.~~ "http://www.w3.org/ns/ct".

When forwarding Via ~~headers~~ header fields, proxies should not alter them ~~in any way.~~ by removing comments from them.

Note:

According to [RFC 2616 HTTP] Section 14.45 Via header field comments " may be removed by any recipient prior to forwarding the message". However, the justification for removing such comments is based on memory limitations of early ~~proxies, and that most~~ proxies. Most modern proxies do not suffer such limitations.

~~4.1.4 Altering Header Values~~

If ~~the server has distinct presentations~~ a proxy determines that ~~vary according~~ a resource as currently represented is likely to ~~presentation media, then the medium for which~~ cause serious misoperation of the ~~presentation is intended~~ user agent then it ~~should~~ may ~~be indicated. Editorial Note: The BPWG is studying the use of~~ advise the ~~link element of HTML which is used for~~ user that this ~~purpose. It~~ is ~~noted that~~ the ~~link element is not available in formats other than HTML,~~ case and ~~it is noted that there is currently active discussion about the use of~~ must provide the ~~Link HTTP header, which would serve this purpose well. If~~ option for the ~~server creates a specific~~ user ~~experience according~~ to ~~device characteristics or presentation media types it~~ continue with unaltered content (and ~~should~~ may ~~inhibit transformation~~ provide other options too).

4.2.4 Use of the response by including a `Cache-Control: no-transform` directive.

~~The server~~ Proxies ~~must~~ may ~~include a~~ use Cache-Control: no-transform ~~directive if one is received from the user agent.~~ to inhibit transformation by further proxies.

~~Note:~~

~~Including a Cache-Control: no-transform directive can disrupt the behavior of WAP/WML proxies, because it can inhibit such proxies from converting WML to WMLC.~~

Note: If the server is unable to add a Cache-Control 4.2.5 Server Rejection of HTTP headers, it may , in HTML documents, add a meta HTTP-Equiv element containing Cache-Control: no-transform . Request

~~Servers~~ Proxies may ~~base their actions on knowledge of behavior of specific transforming proxies,~~ treat responses with an HTTP 200 Status as identified in a Via header, but should not choose a Content-Type for their response based on their assumptions about the heuristic behavior of any intermediaries. (e.g. a server should not choose content-type: application/vnd.wap.xhtml+xml solely on the basis that though they were responses with an HTTP 406 Status if it ~~suspects~~ has determined that ~~proxies will not transform~~ the content ~~of this type).~~ (e.g. "Your browser is not supported") is equivalent to a response with an HTTP 406 Status.

~~4.3 Proxy~~

4.2.6 Receipt and Forwarding of Response from Server `Vary` HTTP Header Field

~~If HTTP header fields were altered in the request then the~~ A proxy ~~must~~ may not be ~~prepared to re-issue the~~ carrying out content tasting as described under 4.1.5.2 Avoiding "Request Unacceptable" Responses if it anticipates receiving a "request unacceptable" response. However, if it makes a request with altered header fields in ~~an unaltered form on receipt of~~ these circumstances, and receives a response containing a Vary header ~~in the response indicating that the server offers variants of its presentation according~~ field referring to ~~any~~ one of the ~~HTTP~~ altered header fields ~~that have been modified. Editorial Note: The BPWG is aware that more precision may be needed in the above statement. If a transforming proxy has followed the guidelines in this document,~~ then it should ~~not receive a response~~ request the resource again with ~~a Vary~~ unaltered header if fields. It should also update whatever heuristics it ~~has not already received such a response to a request with~~ uses so that unaltered ~~headers.~~ header fields are presented first in subsequent requests for this resource.

4.4 Proxy Response 4.2.7 Link to User Agent "handheld" Representation If the response includes a Warning: 214 Transformation Applied the proxy must not apply further transformation.

If the response is an HTML response and it contains a <link rel="alternate" media="handheld" /> element, ~~the CT-proxy SHOULD~~ a proxy should request and ~~return~~ process the referenced resource, unless the resource referenced is the current ~~resource (1k)~~ representation .

Note:

In this document the term current representation means a "same document reference" as ~~determined by [unresolved discussion] ... .~~ defined in [RFC 3986] Section 4.4 , with the addition that if a Vary HTTP header field was present on the response then it is the same representation if the values of the HTTP header fields of the request have not been altered.

4.2.8 WML Content

If the content is WML proxies should act in a transparent manner.

Note:

This does not affect the operation of proxies that are also WAP Gateways.

4.2.9 Proxy Decision to Transform

In the absence of a Vary or no-transform directive (or a meta HTTP-Equiv element containing Cache-Control: no-transform ) ~~the proxy~~ proxies should not ~~apply heuristics to~~ transform content matching any of the following rules unless the user has specifically requested transformation:

the content ~~to determine whether it~~ is ~~appropriate~~ HTML and contains <link rel="alternate" media="handheld"/> with a reference to the ~~restructure~~ current representation ;
the DOCTYPE of the content (if it has one) indicates XHTML-MP, XHTML Basic, WML or ~~recode~~ iMode as listed in D DOCTYPEs Associated with Mobile Content ~~it (in~~ ;
the ~~presence~~ Content-Type has a value listed in C Internet Content Types associated with Mobile Content .
the URI of the response (following redirection or as indicated by the Content-Location HTTP header field) matches a pattern listed in E URI Patterns Associated with Mobile Web Sites ;
the response contains a resource that is referenced as an included resource suitable for "handheld" in a resource that was itself handled transparently;
a claim of mobileOK Basic [mobileOK Basic Tests] conformance is indicated (see [mobileOK Scheme] for how such ~~directives, heuristics should not~~ a claim may be ~~used.)~~ indicated).

~~Examples of heuristics:~~ Other factors that a proxy may take into account:

The ~~server~~ Web site (see note ) has previously shown that it is contextually aware, even if the present response does not indicate this;
the Content-Type or other aspects of the response are known to be specific to the device or class of device (e.g. for HTML documents the DOCTYPE is "-//OMA//DTD XHTML Mobile 1.2//EN", "-//WAPFORUM//DTD XHTML Mobile 1.1//EN" "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "-//W3C//DTD XHTML Basic 1.1//EN" and "-//W3C//DTD XHTML Basic 1.0//EN"); the user agent has features (such as linearization or ~~zoom capabilities or other features which~~ zoom) that allow it to present the content unaltered;
the URI of the response (following redirection or as indicated by the Content-Location HTTP header) indicates that the resource is intended for mobile use (e.g. the domain is *.mobi, wap.*, m.*, mobile.* or the leading portion of the path is /m/ or /mobile/); the response contains ~~client-side~~ client side scripts that may ~~mis-operate~~ misoperate if the resource is restructured;
the response is an HTML response and it includes <link> elements specifying alternatives according to presentation media type.

4.2.9.1 Alteration of Response

Note:

~~A proxy should strive for the best possible user experience that the user agent supports. It should only alter the format, layout, dimensions etc. to match~~ Other than as noted in this section the ~~specific capabilities~~ nature of ~~the user agent. For example, when resizing images, they should only be reduced so~~ restructuring that ~~they are suitable for the specific user agent,~~ is carried out, any character encoding alterations and what is omitted and what is inserted is, as discussed in 1.3 Scope , out of scope of this ~~should not be done on a generic basis.~~ document.

If ~~the~~ a proxy alters the ~~content then it~~ response then:

It must add a Warning 214 Transformation Applied HTTP ~~Header.~~ header field;
~~If the proxy alters the content then the~~ The altered content should validate according to an appropriate published formal ~~grammar.~~ grammar and if XML must be well-formed ;
If It should indicate to the ~~response contains links whose~~ user that the content has been transformed for mobile presentation and provide an option to view the original, unmodified content.

4.2.9.2 Link Rewriting

Note:

In this document two URIs have the ~~scheme~~ Same-Origin if the https scheme component and the host and port subcomponents, as defined in [RFC 3986] , all match. Section 6 of [RFC 3986] discusses URI comparison.

Some proxy deployments have to "rewrite" links in content in order for the User Agent to request the referenced resources through the proxy. In so doing, proxies make unrelated resources appear as though they have the same-origin and hence there is a danger of introducing security vulnerabilities.

Note:

This section (on link rewriting) refers also to insertion of links, frame flattening and any other techniques that introduces the "same-origin" issue.

Note:

Link rewriting is always used by CT Proxies that are accessed as an origin server initially, e.g. which provide mobile adapted web search and navigation to the web pages returned in the search results, or to which the browser is redirected through the CT Proxy for adaptation of a web page. Link rewriting may be used by CT Proxies acting as normal HTTP proxies (e.g. configured or transparent) for the browser, but may not be required since all browser requests flow through the CT Proxy.

Proxies must not ~~only~~ rewrite ~~them so~~ links when content transformation is prohibited.

Proxies must preserve security between requests for domains that are not same-origin in respect of cookies and scripts.

4.2.9.3 HTTPS Link Rewriting

Note:

For clarity it ~~can~~ is emphasized that it is not possible for a transforming proxy to transform content accessed via an HTTPS link without breaking end-to-end security.

Interception of HTTPS and the ~~content, if~~ circumstances in which it ~~meets~~ might be permissible is not a "mobile" question, as such, but is highly pertinent to this document. The BPWG is aware that interception of HTTPS happens in many networks today. Interception of HTTPS is inherently problematic and may be unsafe. The BPWG would like to refer to protocol based "two party consent" mechanisms, but such mechanisms do not exist at the ~~following provision.~~ time of writing of this document.

The practice of intercepting HTTPS links is strongly NOT RECOMMENDED .

If ~~the~~ a proxy ~~does rewrite such~~ rewrites HTTPS links, it must advise the user of the security implications of doing so and must provide the option to ~~avoid decryption~~ bypass it and ~~transformation of the resources~~ to communicate with the ~~links refer to.~~ server directly.

If Notwithstanding anything else in this document, proxies must not rewrite HTTPS links in the ~~response includes~~ presence of a Cache-Control: no-transform ~~directive then the response must remain unaltered other than to comply with transparent~~ directive. ~~HTTP behavior and other than as noted below.~~

If ~~the~~ a proxy ~~determines that~~ rewrites HTTPS links, replacement links must have the ~~resource~~ scheme https.

When forwarding requests originating from HTTPS links proxies must include a Via header field as ~~currently represented is likely to cause serious mis-operation~~ discussed under 4.1.6.1 Proxy Treatment of ~~the user agent then it~~ Via Header Field .

When forwarding responses from servers proxies ~~may , with the users explicit prior consent, warn~~ must notify the user ~~and provide links to both transformed and unaltered versions~~ of ~~the resource.~~ invalid server certificates.

5 Testing (Normative)

Operators of ~~transforming~~ content transformation proxies should make available ~~interfaces that facilitate testing~~ an interface through which the functions of ~~Web sites accessed~~ the proxy can be exercised. The operations possible through ~~them and~~ this interface ~~should~~ must ~~make~~ cover those necessary to settle the outcome of all conformance statements listed in section B.

The interface must be reachable from terminals with browsing capabilities connected to the Web via a conventional Internet access environment at the tester's premises; accessing the interface may necessitate adjusting standard Web browsing configuration parameters -- such ~~interfaces~~ as specifying a proxy IP address and port on a desktop browser, or activating a WAP setting on a mobile browser.

Such access must be granted under fair, reasonable and non-discriminatory conditions. In particular:

it is available ~~through normal Internet~~ to all, worldwide, whether or not they are W3C Members;
it does not impose any further conditions or restrictions on the use of any technology, intellectual property rights, or other restrictions on behaviour of the tester, but may include reasonable, customary terms relating to operation or maintenance of the relationship between tester and proxy operator such as the following: choice of law and dispute resolution, confidentiality of parameters to access ~~paths.~~ the interface, disclaimer of liability.

The needs of these actors are as follows: 3.2 Normative and Informative Parts

that some degree of Content 3.4 Transformation ( restructuring and recoding Deployment Conformance ) can be performed; that Content Transformation will be carried out unless requested not to; that content is being requested on behalf of something else and what that something else is;

an indication that the content being viewed has been transformed for mobile presentation; 4 Behavior of Components (Normative)

3.2.2 Control by Server 4.1.1 Applicable HTTP Methods

4.1.1 4.1.2 no-transform directive in Request

4.1.2 Proxy Decision to Transform 4.1.4 Serving Cached Responses

any knowledge it has 4.1.5 Alteration of user agent capabilities (including linearization and zoom); HTTP Header Field Values

4.1.3 Proxy Indication 4.1.6 Additional HTTP Header Fields

4.2 Server Response to Proxy 4.2.2 User Preferences

Note: If the server is unable to add a Cache-Control 4.2.5 Server Rejection of HTTP headers, it may , in HTML documents, add a meta HTTP-Equiv element containing Cache-Control: no-transform . Request

4.4 Proxy Response 4.2.7 Link to User Agent "handheld" Representation If the response includes a Warning: 214 Transformation Applied the proxy must not apply further transformation.

B.1 J.1 POWDER

B.2 J.2 link HTTP Header Field

B.3 Amendments to HTTP J.3 Sources of Device Information

B.4 J.4 Inter Proxy Communication

4.1.1 4.1.2 `no-transform` directive in Request

B.2 J.2 `link` HTTP Header Field