Being Strict About HTTP Link Header

Opera users are reporting Web sites which seem to not work properly. That is good. There are two cases:

  • The browser is wrong and we have to fix it
  • the Web site is wrong is wrong and we try to contact them

But sometimes it is trickier. The browser can be perceived as being wrong when it is right on the technical side.

Someone reported us that he could not connect with Opera to Restlet. When looking at the HTTP headers, we can discover something a bit funny:

% curl -sI http://wiki.restlet.org/
HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:30:33 GMT
Server: Jetty(6.1.9)
X-Cocoon-Version: 2.1.11-dev
X-Daisy-Version: 2.4.1 (build: banana/20101216 16:32:48+0100; run: Linux/i386/2.6.34.6-xxxx-grs-ipv6-32 java/1.5.0_22-b03)
Content-Type: text/html; charset=utf-8
Content-Length: 3825
Link: "http://wiki.restlet.org:80/amcd.json>; rel='acct-mgmt';
X-Account-Management-Status: none
Via: 1.1 wiki.restlet.org (Apache/2.2.9)
Vary: Accept-Encoding

Indeed, the HTTP Link header is broken. The correct syntax is:

Link: <http://wiki.restlet.org:80/amcd.json>; rel='acct-mgmt';

We contacted the owners of the website and they were indeed surprised. Not looking at their websites with Opera, they didn't notice the issue. Other browsers do voodoo magic and silently ignore the faulty HTTP header. The Restlet site is using DaisyCMS. And indeed, all sites using DaisyCMS are exhibiting the same issue. Fortunately, DaisyCMS is an open source project, so I opened a ticket about this bug.

What about Opera?

This is tricky. The perception by common users is that Opera is buggy, when Opera is just saying: "Hey these headers are bogus, I stop here because it might lead to a wrong interpretation of the document." Same usual story. The fact is that most people are not tech savvy enough to understand that, specifically when other browsers have a different behavior and silently recover.

Note that it might be a dangerous path. When the browser does not send an error message to users, they don't see the website's mistakes. It is then less likely that these errors will be reported. It also might lead in some cases in some serious security issues. So there is a right balance to be found for each case. We decided to open a bug, CORE-38210, so that Opera will ignore this type of bogus HTTP Link header in future releases.

Finding the right balance in between a strict implementation of the technology and a smooth user interaction is a challenging art.