<div class="gmail_quote">On Feb 2, 2008 9:59 PM, dolphinling <<a href="mailto:lists@dolphinling.net">lists@dolphinling.net</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="Ih2E3d">Ian Hickson wrote:<br>> On Fri, 1 Feb 2008, Julian Reschke wrote:<br>>> Ian Hickson wrote:<br></div><div class="Ih2E3d">>>> What do people think of this idea:<br>>>><br>>>> We make "Referer" always have the value "PING".<br>
>> Referer takes a relative reference, or a URI. Not a good idea.<br>><br>> Interesting.<br>><br>> I see two ways forward here. One would be to redefine Referer to remove<br>> the relative URI thing, since, to my knowledge at least, nobody uses it.<br>
><br>> The other is that we can define the magic value to be "#PING" instead,<br>> since that's a non-conforming Referer value right now.<br>><br>> Would that work for people? dolphinling? Darin?<br>
<br></div>If (X-)Ping-From/Ping-To are present, why is a referer needed at all? I'd say<br>just leave it out. If not, #PING works for me.</blockquote><div><br class="webkit-block-placeholder"></div><div><br class="webkit-block-placeholder">
</div><div>It's true that the Ping-From/To headers carry the important information, but I suspect that sending a Referer header is nice for servers that happen to receive unsolicited pings. Server logs will likely store the value of the Referer header, and this way, site admins can see why they are receiving these funny POST messages.</div>
<div><br class="webkit-block-placeholder"></div><div>Julian, "#PING" seems like a reasonable choice since it will not collide with any pre-existing Referer header values. I think that's what Ian had in mind by writing "<span class="Apple-style-span" style="border-collapse: collapse; color: rgb(80, 0, 80); ">non-conforming".</span></div>
<div><br></div><div>-Darin</div><div><br class="webkit-block-placeholder"></div><div><br class="webkit-block-placeholder"></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br><br>Cookies and authentication headers I'm ambivalent about; no one's made a<br>persuasive case either way for them, and I haven't looked myself.<br><div class="Ih2E3d"><br><br>>>> We add two headers, "X-Ping-From" which has the value of the page that<br>
>>> had the link, and "X-Ping-To" which has the value of the page that is<br>>>> being opened.<br><br></div>(sorry for the double copy, Hixie, forgot to CC the list the first time)<br><font color="#888888"><br>
--<br>dolphinling<br><<a href="http://dolphinling.net/" target="_blank">http://dolphinling.net/</a>><br></font></blockquote></div><br>