W3C

Disposition of comments for the Mobile Web Best Practices Working Group


In the table below, red in the WG decision column indicates that the Working Group didn't agree with the comment, green indicates that it agreed with it, and yellow reflects an in-between situation.

In the "Commentor reply" column, red indicates the commenter objected to the WG resolution, green indicates approval, and yellow means the commenter didn't respond to the request for feedback.

Commentor | Comment | Working Group decision | Commentor reply
LC-1978 Dominique Hazael-Massieux <dom@w3.org> (archived comment)
* when analyzing external resources (in ContentFormatSupport,
PageSizeLimit, ExternalResources), the objects and images that are set
as fallback of an object that is in an acceptable format shouldn't be
counted. For instance,
<object data="myimage.gif"><img src="myimage.png" alt=""/></object>
shouldn't trigger an error in ContentFormatSupport, the weight of
myimage.png shouldn't be counted in PageSizeLimit and ExternalResources
We agree that the "myimage.png" should not trigger a CONTENT_FORMAT_SUPPORT error, and should not be taken into account in PAGE_SIZE_LIMIT and EXTERNAL_RESOURCES. This is triggered by the note in 2.4.6 Included Resources:
"object elements that are accessed in order to test their Content-Type HTTP header, but do not form part of the ultimate representation of the resource under test (see 3.15 OBJECTS_OR_SCRIPT ), are not considered to be included resources".

We agree that the notion of "ultimate representation of the resource" deserves to be clarified though and the note extended to resources retrieved by section 3.15.1 Object Element Processing Rule.

In light of the discussion that followed your other comment (LC-1980) on the use of the HTTP Content-Type value to taste object elements, we updated the note to specify that only resources retrieved under the 3.15.1 Object Element Processing Rule whose Content-Type is image/gif or image/jpeg are considered to be Included Resources:
http://www.w3.org/2005/MWI/BPWG/Group/Drafts/mobileOK-Basic-1.0-Tests/080707r#included_resources
yes
LC-1979 Dominique Hazael-Massieux <dom@w3.org> (archived comment)
* similarly, I don't think we want to raise a ContentFormatSupport error
on <object data="myimage.png"><img src="myimage.gif" alt="" /></object>
since this is using correctly the fallback mechanism; while this gets
accepted by ObjectsOrScript, this would currently raise an error in the
way I read ContentFormatSupport;
We agree that the example should not raise a FAIL in CONTENT_FORMAT_SUPPORT, because "myimage.png" does not form part of the ultimate representation of the resource under test, as noted in 2.4.6 Included Resources.

We clarified the note in 2.4.6 Included Resources as noted in our reply to your previous comment (LC-1978) on the need to clarify which objects and images are Included Resources, and which are not.
yes
LC-1980 Dominique Hazael-Massieux <dom@w3.org> (archived comment)
* I don't think "myimage.gif" should be counted as external
resources/page size limit in the following instance:
<object data="myimage.gif" type="image/png">Hello</object> - the current
text says to "include those objects whose content type is either
"image/jpeg" or "image/gif" irrespective of whether the type attribute
is specified.", but it's not clear why.
We understand that point, but note that there is not a real consistency in the way such objects are handled by mobile browsers in practice.

Some browsers download all the objects and use the HTTP Content-Type header irrespective of the presence of the type attribute, while other browsers follow the type attribute and only download objects that match values of the HTTP Accept header.

We think Content Providers should "benefit" (or rather should not be "punished") for this lack of consistency in mobile browsers, and decided, in the interest of returning fewer FAIL messages:
1/ to stick to the HTTP Content-Type header to determine whether an object is rendered or the fallback mechanism has to be used.
2/ to stick to our decision not to count objects that define a type attribute not set to image/gif or image/jpeg in PAGE_SIZE_LIMIT and EXTERNAL_RESOURCES.

However, since we recognize that the corresponding behavior among mobile browsers is not consistent, that it is a bad practice to have a type attribute that does not match the Content-Type of the underlying resource and that it is a good practice to define the type attribute, we also introduced two additional warning messages:
"If there is no type attribute, warn"
"If the Internet media type of the retrieved resource, as indicated by its Content-Type HTTP header does not match that stated in the type attribute, warn"

We note that our decision introduces a slight inconsistency in the way objects are treated by the specification: on the one hand, section 3.15.1 Object Element Processing Rule says that the Object must be retrieved so that the HTTP Content-Type header may be parsed, on the other hand, section 3.16 PAGE_SIZE_LIMIT (resp. 3.6 EXTERNAL_RESOURCES) says that an object defined with a type attribute set to image/png does not count as a retrieved resource (provided its actual Content-Type is not image/gif or image/jpeg). We think that it is needed though for the above mentioned reasons.
yes
LC-1981 Dominique Hazael-Massieux <dom@w3.org> (archived comment)
* if I hit an HTTP redirect, does the size of the page served as the
redirect page count in PAGE_SIZE_LIMIT-1 or only
under PAGE_SIZE_LIMIT-2? I've implemented the latter since I find it
less confusing, but the spec could be clearer about it
Yes, we agree that the text here deserved to be clarified. We updated the text consequently:

- Section 3.16 PAGE_SIZE_LIMIT was clarified with regards to the treatment of HTTP response bodies that are required to retrieve a resource:
http://www.w3.org/2005/MWI/BPWG/Group/Drafts/mobileOK-Basic-1.0-Tests/080707r#PAGE_SIZE_LIMIT

- Section 2.4.3 HTTP Response was also amended to have the reader refer to 3.16 PAGE_SIZE_LIMIT (resp. 3.6 EXTERNAL_RESOURCES) for details of the total size (resp. count) the HTTP redirect response body should be added to:
http://www.w3.org/2005/MWI/BPWG/Group/Drafts/mobileOK-Basic-1.0-Tests/080707r#http_response
yes
LC-1991 Francois Daoust <fd@w3.org> (archived comment)
* About the treatment of HTTP Status 401:
- Why should tests be applied to the response body of such an HTTP
response? The body will never be touched by any browser during the first
pass (when authentication credentials have not already been sent)
AFAICT. Besides, it wouldn't make any sense to display the resource if
it's an included image for instance. It's perfectly normal to count the
response in EXTERNAL_RESPONSE and PAGE_SIZE_LIMIT, but I suggest
updating the "Carry out tests on the response" to "Do not carry out
tests on the response", especially given the fact that the tests FAIL
when credentials are wrong (and so there's no need to test the response
body anyway even for the second pass)
- "Re-request the resource using authentication information" could
deserve some clarification. What if the checker doesn't have any
authentication information? I would clarify this with "Re-request the
resource using authentication information if available or FAIL" (where
FAIL would be HTTP_RESPONSE-7)
On your first point, we think that the tests should be carried out on the response body because, as specified in the HTTP (RFC 2616) section 10.4.2 401 Unauthorized, the body of the HTTP Status 401 response should be presented to the user if the authentication fails:
"If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information"

On your second point, we think that the text deserved to be clarified and updated the relevant part to state:
"If authentication information was supplied in the HTTP request (i.e. authentication failed) or if no authentication information is available, FAIL"

See: http://www.w3.org/2005/MWI/BPWG/Group/Drafts/mobileOK-Basic-1.0-Tests/080707r#http_response
yes
LC-1992 Francois Daoust <fd@w3.org> (archived comment)
* HTTP responses and linked resources:
I understand the LINK_TARGET_FORMAT test as willing to return WARNs to the user on linked resources, and to never return any FAIL. However, there are several cases in the tests that should be carried by the checker for HTTP responses that return a FAIL, even when the resource is a linked resource:
- "If an HTTP request does not result in a valid HTTP response [...], FAIL"
- 1 case in "If the response is an HTTPS response"
- 2 cases in "If the HTTP status indicates redirection"
- "If the HTTP status represents failure (4xx), other than 404 or a request for authentication (e.g. 401), FAIL"

I guess one may argue that LINK_TARGET_FORMAT may return a FAIL message.
The last point still stands in that case: is a linked resource that
returned a 406 Not Acceptable status supposed to trigger a FAIL? I think I should be allowed to include links to external resources that are not able to serve content to the mobileOK checker in a page without losing the possibility for the page to be mobileOK. I would relax the last check to state:
"If the HTTP status represents failure (4xx), other than 404 or a
request for authentication (e.g. 401):
If the response relates to a request for a linked resource (see 2.4.7 Linked Resources), continue with the test (see 3.10 LINK_TARGET_FORMAT ) and warn
Otherwise (i.e. for included resources), FAIL"
Links in a Web page intended for mobile consumption are an important constituent of the user experience. The user should be able to "trust" that clicking on a link does not yield an error message.

For that reason, we think that returning FAILs in the LINK_TARGET_FORMAT is indeed needed.

However, it occurred to us that HTTP Status 406 responses could well be returned for resources tasted by section 3.15.1 Object Element Processing Rule, and that this should obviously not trigger a FAIL, so we relaxed that last condition in that case as you suggested:
http://www.w3.org/2005/MWI/BPWG/Group/Drafts/mobileOK-Basic-1.0-Tests/080707r#http_response
yes
LC-2159 Thomas Roessler <tlr@w3.org> on behalf of Web Security Context Working Group (archived comment)
Hello,

this is a post last call comment concerning the mobile OK basic
tests 1.0, on behalf of the Web Security Context Working Group.

We notice that section 2.4.3 - HTTP Response - uses the notion of an
"HTTPS response". There is no such thing.

We also notice that the notion of an "invalid certificate" does not
match what we understand to be the Best Practice Working Group's
intention with this test.

We propose that you update this criterion, at a minimum, as follows:

If the resource is accessed through HTTPS:
If the certificate presented does not match the
resource's URI, FAIL.

If the certificate has expired or is not yet valid, warn.

If certificate validation otherwise fails, FAIL.

Checker SHOULD consider arbitrary root certificates (including
self-signed certificates) as trusted for the purposes of
mobileOK testing.

Note that there are additional error conditions that can occur
during TLS negotiation, including a mismatch on supported algorithms
and protocol versions.

Regards,
We added a section on HTTPS that refines the algorithm of determining an invalid https certificate.
yes
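
The criterion proposed in LC-2159, sketched as an added example (not code from the mobileOK specification or from any checker). It assumes a certificate dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the sample certificate, the `classify` function, its `other_error` flag and the "PASS" label are constructed for illustration, and the hostname matcher is simplified.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample certificate, in the dict shape of ssl.SSLSocket.getpeercert().
CERT = {
    "subject": ((("commonName", "m.example.org"),),),
    "subjectAltName": (("DNS", "m.example.org"), ("DNS", "*.cdn.example.org")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed test time

def _names(cert):
    """DNS names from subjectAltName, falling back to the subject commonName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def _matches(pattern, host):
    """Case-insensitive match; '*' may stand only for the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def classify(cert, host, now, other_error=False):
    """Return (outcome, reasons); FAIL outranks warn.

    other_error (hypothetical flag) stands for any remaining validation failure,
    e.g. a bad signature. An unknown or self-signed root must NOT set it, since
    the proposal treats arbitrary roots as trusted for mobileOK testing.
    """
    findings = []
    if not any(_matches(n, host) for n in _names(cert)):
        findings.append(("FAIL", "certificate does not match the resource's URI"))
    t = now.timestamp()
    if t < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append(("warn", "certificate is not yet valid"))
    elif t > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append(("warn", "certificate has expired"))
    if other_error:
        findings.append(("FAIL", "certificate validation otherwise failed"))
    levels = [lvl for lvl, _ in findings]
    outcome = "FAIL" if "FAIL" in levels else "warn" if levels else "PASS"
    return outcome, [msg for _, msg in findings]
```

Collecting every finding before choosing the outcome keeps an expired certificate that also fails validation at FAIL rather than letting the date check downgrade it to a warning.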

Developed and maintained by Dominique Hazaël-Massieux (dom@w3.org).
$Id: index.html,v 1.1 2017/08/11 06:43:54 dom Exp $