karlcow

Update 30 March 2011: The issue with Starbucks Web site has been fixed. There are still other sites exhibiting the issue. A fix has been proposed by Rohan Singh

I have always been experimenting with XHTML. When properly served as application/xhtml+xml, it becomes a powerful tool to check the quality of your markup. The browser will throw an error if the code is not well-formed. It doesn’t solve the accessibility or semantics issues, but it helps a bit for constraining the quality of your code. On the other hand, it introduces issues in terms of scripting if you decide to change the Content-Type at the end of the chain.

Accept and Content-Type in HTTP

A browser (client) and a server exchange messages on how to handle a specific piece of information identified by a URI. So When a client is requesting http://www.opera.com, it sends along some HTTP headers. One of these headers specifies the type of format the browser is able to process and the order in which it would like to process. This header is Accept:. Each browser has a slight different Accept: header.

Table of Accept headers for some HTTP clients

Browser	Accept header
Opera Desktop 11.0	text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Opera Mobile Emulator	text/html, application/xml;q=0.9, application/xhtml+xml, multipart/mixed, application/vnd.wap.multipart.mixed, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Firefox 4	text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Safari 5	application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
curl	*/*
IE9	image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*

Usually the server replies with the most appropriate format matching what the client is requesting. So if the client is asking application/xhtml+xml and the server has the representation of this resource in this format it will send it along with the appropriate Content-Type, in this case application/xhtml+xml.

The issue

Some high profiles Web sites all under Microsoft IIS are behaving strangely. Let’s use curl as we did it previously and its possibility to send specific User-Agent: information and Accept: HTTP headers. We will do our tests on Starbucks Web site.

Curl Accept: /

A very simple one, curl by default sends Accept: */*. It means “send me anything you could have for this URI and I will do my best to understand it”

curl -sI http://www.starbucks.com

The server returns a Content-Type: application/xhtml+xml. Fair enough, we said we were accepting anything.

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 41954
Content-Type: application/xhtml+xml; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
p3p: CP="CAO PSA OUR"
Set-Cookie: ASP.NET_SessionId=40pk0kfikyv2lnr3t10yckjl; path=/; HttpOnly
Set-Cookie: skin=; path=/
X-Powered-By: ASP.NET
Date: Thu, 03 Mar 2011 16:58:38 GMT

Curl Accept: text/html

Let’s be more precise. We will tell the server that we want text/html only.

curl -sI -H "Accept: text/html" http://www.starbucks.com/

Neat! The server returns the right Content-Type: text/html. Everything is good! This server is behaving quite well so far.

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 41954
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
p3p: CP="CAO PSA OUR"
Set-Cookie: ASP.NET_SessionId=xm0t31ebosa1symnb5xn4gkm; path=/; HttpOnly
Set-Cookie: skin=; path=/
X-Powered-By: ASP.NET
Date: Thu, 03 Mar 2011 17:03:35 GMT

Opera 11.01

I will be using Opera 11.01 with these two parameters :

• User-Agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.6.6; U; fr) Presto/2.7.62 Version/11.01
• Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1

We can use Opera Dragonfly to check the headers or use curl by mocking Opera.

curl -sI -H "Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1" -A "Opera/9.80 (Macintosh; Intel Mac OS X 10.6.6; U; fr) Presto/2.7.62 Version/11.01" http://www.starbucks.com/

We then receive from the server Content-Type: application/xhtml+xml. As I said before, it is ok, because we said it was one of the formats we accepted.

HTTP/1.1 200 OK 
Cache-Control: private
Content-Type: application/xhtml+xml; charset=utf-8
Server: Microsoft-IIS/7.0
p3p: CP="CAO PSA OUR"
Set-Cookie: ASP.NET_SessionId=xdtworhtqlte5mxur2zeulay; path=/; HttpOnly
Set-Cookie: skin=; path=/
X-Powered-By: ASP.NET
Date: Thu, 03 Mar 2011 17:09:43 GMT

The big issue is that the server is sending to Opera a file which is obviously not well-formed XHTML and because the server said it was Content-Type: application/xhtml+xml, the XML parser fails to process a none well-formed XML (XHTML). That is a major usability issue for Opera users. Let’s continue a bit our testing.

Firefox 4

This time we will be using Firefox 4.

curl -sI -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" -A "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b11) Gecko/20100101 Firefox/4.0b11" http://www.starbucks.com/

Hmmm Amazing the server this time is answering with Content-Type: text/html. This starts to be fishy. Note that it is still a valid answer from the server. The client said it could receive both. The server decided to send html.

HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
p3p: CP="CAO PSA OUR"
X-Powered-By: ASP.NET
Date: Thu, 03 Mar 2011 17:06:43 GMT

Stricter Firefox 4 with only “application/xhtml+xml”

This time we will ask the server to send only application/xhtml+xml

curl -sI -H "Accept: application/xhtml+xml" -A "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b11) Gecko/20100101 Firefox/4.0b11" http://www.starbucks.com/

Oh surprise. This time the answer of the server is wrong. The server sent back Content-Type: text/html without respecting the HTTP contract. Fishy, the server does user agent sniffing ?

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 41954
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
p3p: CP="CAO PSA OUR"
Set-Cookie: ASP.NET_SessionId=q41qfc3adwjsidjgtevpxnnk; path=/; HttpOnly
Set-Cookie: skin=; path=/
X-Powered-By: ASP.NET
Date: Thu, 03 Mar 2011 17:24:48 GMT

Opera 11 with only “text/html”

Let’s be sure about the intuition on user agent sniffing. We send Opera user agent and we require to receive text/html.

curl -sI -H "Accept: text/html" -A "Opera/9.80 (Macintosh; Intel Mac OS X 10.6.6; U; fr) Presto/2.7.62 Version/11.01" http://www.starbucks.com/

The server sends to Opera… Content-Type: application/xhtml+xml. This time we can be sure, the server does user agent sniffing.

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 41954
Content-Type: application/xhtml+xml; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
p3p: CP="CAO PSA OUR"
Set-Cookie: ASP.NET_SessionId=vfzwujvflotbibe4qet0foxb; path=/; HttpOnly
Set-Cookie: skin=; path=/
X-Powered-By: ASP.NET
Date: Thu, 03 Mar 2011 17:27:51 GMT

Why is this an issue?

Opera gets a different content-type than other browsers which could be fine if the server was sending well-formed XML. Opera is right to fail on this none well-formed content. But unfortunately because nobody cared to test that the markup was well-formed, Opera looks like if it was wrong compared to other browsers. It’s why I call wrong to be right. The consequences are terrible, because the Opera users can’t access these sites and they are penalized because we do the right thing.

What should we do?

• We try to contact the owners of these Web sites (starbucks, spanair, phenomblue, leisurepro, mcafee, teavana, etc.)
• We try to identify the library which is in charge of the user-agent sniffing, we have a lead for an unsupported library called MDBF
• We could PATCH for these specific Web sites, but then we lose the benefits of pressuring the owners of fixing their sites, because they will have the impression it is working.

Really there is no perfect solution, but in the end, the Opera users do not have the freedom of choice.

Promoting interoperability is at the heart of Open The Web.

If you had missed the topic of the week is Google planning to drop the support of H264 in Chrome. I’ll spare you the links, there were plenty all over twitter.

Web standards

• Navigation Timing defines an interface for web applications to access timing information related to navigation and elements. And an experiment from Google
• Chrome will stop support for H264
• 25th anniversary of the IETF

I18N

• 7 Tips and Techniques For Multi-lingual Website Accessibility
• InputKing, Online Input System is a web-based multilingual input method editor (IME). Google’s version

CSS

• Introduction to CSS Escape Sequences
• CSS3 Flexbox vs A Princess Bride

HTML5

• Version 1.3 of the Validator.nu HTML Parser Released
• Wrapping Things Nicely with HTML5 Local Storage
• Using ARIA instead of IDs in HTML
• What the heck is shadow DOM?
• What is happening with XBL?

Web APIs

• How to Use JavaScript Shared Web Workers in HTML5

• Web Audio API

Mobile

• 2010 Mobile browser stats
• Mobile OS usage splits the world (chart)

HTTP

• LOL Verbs and Gripes in URIs, Again
• Agent driven conneg in HTTP
• experimenting w/ RESTful clients
• Video and Audio resources on REST topics
• Add the correct mime-type for your fonts

SVG

• SVG: The best way to graph quantitative data

XML

• xml5.js

Be Strict To Be Cool was my mail signature when I was working at W3C. It was a "clin d'œil" to the Robustness principle (Postel Law), which is basically when you send a message to someone (or a software), be very strict in the syntax and grammar of your message, when you receive a message be flexible enough to deal with bad messages as long as you can interpret it. It is what I called once the Hear-Write Web.

Opera's Open The Web is the initiative to help Web developers to fix their Web sites. It is also a way for customers to identify when Opera browsers specifically, but sometimes others such as Firefox, Safari, Chrome, and IE, do not work with a specific Web site. The ODIN team is then looking at what could be the origin of the issue. Armed with curl, View Source, and the wonderful opensource DragonFly, we explore, analyze and figure our next actions.

Sometimes, it is really a browser bug, which is being taken care of by implementers at Opera. But most of the time, the issue is related to bad server settings, bad user agent sniffing, javascript mistakes, rogue server side libraries, etc. Some cases are mind boggling. Proxy and routers introduce their own share of issues too. The most difficult task is not being to analyze the issue but to find the right contact for the Web site. A person who will understand what you are talking about. The communications and marketing departments of big companies are more responsive and very helpful. Something going wrong on their Web site is less customers.


Looking at this daily pile of bugs and issues, I thought today that it might be interesting to collect them little by little and explain them. The goal is not to create a wall of shame, but to help Open The Web by giving hints to Web developers on what has been done wrong in their settings, developments, etc. Often, they just do not realize because it is a case that they never experienced. Everyone is making mistakes. What I'm interested in is how collectively, we leverage our knowledge for creating a better Open Web.

Promoting interoperability is at the heart of Open The Web.

Web standards

• W3C: An Open Platform for Web Standardisation
• The Trouble With Web Standards and The Trouble With Web Standards, Part 2: Top-Down Doesn’t Work
• IPv6 the statistics.
• What should be an Open Web App Store his views about the control over data according to Tristan Nitot, which reminds me that I should refresh Data Independence And Survival Best Practices.
• Postcards from TPAC and a comment by Shelley Powers about it.

Extensions - Add-ons

• Browser Add-on API Coverage

Mobile

• Smartphone Browser Landscape
• Mobile Web Application Best Practices - W3C Recommendation 14 December 2010

SVG

• SVG cursors hmmm. Not sure about this The era of whizbang cheesy animated smil cursors?

CSS

• CSS3 Media Queries? Download Answers
• Using CSS without HTML
• Targeting mobile-optimized CSS at Windows Phone 7

HTTP

• Pushing Beyond Gzipping

Accessibility

• color contrast tests for system color FieldText with opacity:0.54

Javascript

• Why Twitter doesn’t count
• JSLint The Javascript Code Quality Tool
• Announcing ECMAscript 5.1 The last draft

HTML5

• HTML5 Audio
• Beyond HTML5 - Conversational Voice and Video Implemented in WebKit GTK+
• Beyond HTML5 - Implementing <device> and stream management in WebKit

Opera

• Web specifications support in Opera Presto 2.7 Milestones 70
• New HTML5 features in Opera 11
• How to Create an Opera Extension from Scratch
• AppleScript to enter Opera fullscreen mode

Speaker Lust

• SlideDown Yet Another slidemaker tool. Markdown Syntax and Ruby driver
• On Speaking
• SudWeb A conference about Web technologies in the South of France (Nîmes) on May 27, 2011. Call For Speakers before February 7, 2011
• UX Web. on May 26, 2011. Same place than SudWeb. Call For Speakers before February 28, 2011

Caleb, a former colleague, testing the Pheromone Lab Web site on Opera Mini told me: "When you switch from Portrait Mode to Landscape Mode, the page is not resized to the full width of the viewport." Indeed. Was it a bug in his CSS or a bug on Opera Mini? Neither. But first you need to understand what is Opera Mini.

Opera Mini has its main rendering engine (the software which interprets html, CSS, javascript, …) not on the mobile device but on a distant Opera server. When you type an address such as http://example.org/, a request is sent to the Opera Server, which is acting as a client for the Web site on http://example.org/. The Web site sends back an answer to Opera server, which interprets it and make an OBML file. OBML stands for Opera Binary Markup Language which creates a kind of compressed image of the Web page (sometimes 90% of size reduction).


Image from A developer’s look at Opera Mini 5

When you switch the orientation of the device. Opera Mini has just an image to rotate and not the full code to reinterpret for fluid and flexible layouts. You then need to reload the pages so that it is resized for the new landscape mode of the mobile device.

If you need to test your own design with Opera Mobile and Opera Mini, go to the Developer Tools page. You will find an Opera Mobile emulator (full Browser) or the Opera Mini Simulator and the ultimate tool for debugging: DragonFly.