[html5] r1235 - /
whatwg at whatwg.org
whatwg at whatwg.org
Wed Feb 20 11:26:39 PST 2008
Author: ianh
Date: 2008-02-20 11:26:38 -0800 (Wed, 20 Feb 2008)
New Revision: 1235
Modified:
index
source
Log:
[g] (2) Let's try a new strategy for ping=''.
Modified: index
===================================================================
--- index 2008-02-20 06:40:26 UTC (rev 1234)
+++ index 2008-02-20 19:26:38 UTC (rev 1235)
@@ -31757,20 +31757,40 @@
third-party URIs).
<p>For URIs that are HTTP URIs, the requests must be performed using the
- POST method (with an empty entity body in the request). The request must
- include a <code title="">Referer</code> HTTP header with the exact value
- "<code title="">#PING</code>". All relevant cookie and HTTP authentication
- headers must be included in the request. In addition, if the document
- containing the hyperlink being audited was not retrieved over an encrypted
- connection, or if both the URI of that document <em>and</em> the ping URI
- have the same <a
- href="#origin0">origin</a><!-- XXX xref, and check that _URIs_ can have
- origins -->,
- then the request must also include a <code title="">Ping-From</code> HTTP
- header with, as its value, the location of the document containing the
- hyperlink, and a <code title="">Ping-To</code> HTTP header with, as its
- value, the address of the target of the hyperlink.
+ POST method (with an empty entity body in the request). All relevant
+ cookie and HTTP authentication headers must be included in the request.
+ Which other headers are required depends on the URIs involved.
+ <dl class=switch>
+ <dt>If both the URI of the document containing the hyperlink being audited
+ and the ping URI have the same <a href="#origin0">origin</a><!-- XXX
+ xref, and check that _URIs_ can have origins -->
+
+ <dd>The request must include a <code title="">Ping-From</code> HTTP header
+ with, as its value, the location of the document containing the
+ hyperlink, and a <code title="">Ping-To</code> HTTP header with, as its
+ value, the address of the target of the hyperlink. The request must not
+ include a <code title="">Referer</code> HTTP header.
+
+ <dt>Otherwise, if the origins are different, but the document containing
+ the hyperlink being audited was not retrieved over an encrypted
+ connection
+
+ <dd>The request must include a <code title="">Referer</code> HTTP header
+ [sic] with, as its value, the location of the document containing the
+ hyperlink, a <code title="">Ping-From</code> HTTP header with the same
+ value, and a <code title="">Ping-To</code> HTTP header with, as its
+ value, the address of the target of the hyperlink.
+
+ <dt>Otherwise, the origins are different and the document containing the
+ hyperlink being audited was retrieved over an encrypted connection
+
+ <dd>The request must a <code title="">Ping-To</code> HTTP header with, as
+ its value, the address of the target of the hyperlink. The request must
+ neither include a <code title="">Referer</code> HTTP header nor include a
+ <code title="">Ping-From</code> HTTP header.
+ </dl>
+
<p class=note>To save bandwidth, implementors might also wish to consider
omitting optional headers such as <code>Accept</code> from these requests.
Modified: source
===================================================================
--- source 2008-02-20 06:40:26 UTC (rev 1234)
+++ source 2008-02-20 19:26:38 UTC (rev 1235)
@@ -29302,20 +29302,47 @@
URIs).</p>
<p>For URIs that are HTTP URIs, the requests must be performed using
- the POST method (with an empty entity body in the request). The
- request must include a <code title="">Referer</code> HTTP header
- with the exact value "<code title="">#PING</code>". All relevant
- cookie and HTTP authentication headers must be included in the
- request. In addition, if the document containing the hyperlink being
- audited was not retrieved over an encrypted connection, or if both
- the URI of that document <em>and</em> the ping URI have the same
- <span>origin</span><!-- XXX xref, and check that _URIs_ can have
- origins -->, then the request must also include a <code
- title="">Ping-From</code> HTTP header with, as its value, the
- location of the document containing the hyperlink, and a <code
- title="">Ping-To</code> HTTP header with, as its value, the address
- of the target of the hyperlink.</p>
+ the POST method (with an empty entity body in the request). All
+ relevant cookie and HTTP authentication headers must be included in
+ the request. Which other headers are required depends on the URIs
+ involved.</p>
+ <dl class="switch">
+
+ <dt>If both the URI of the document containing the hyperlink being
+ audited and the ping URI have the same <span>origin</span><!-- XXX
+ xref, and check that _URIs_ can have origins --></dt>
+
+ <dd>The request must include a <code title="">Ping-From</code> HTTP
+ header with, as its value, the location of the document containing
+ the hyperlink, and a <code title="">Ping-To</code> HTTP header
+ with, as its value, the address of the target of the hyperlink. The
+ request must not include a <code title="">Referer</code> HTTP
+ header.</dd>
+
+ <dt>Otherwise, if the origins are different, but the document
+ containing the hyperlink being audited was not retrieved over an
+ encrypted connection</dt>
+
+ <dd>The request must include a <code title="">Referer</code> HTTP
+ header [sic] with, as its value, the location of the document
+ containing the hyperlink, a <code title="">Ping-From</code> HTTP
+ header with the same value, and a <code title="">Ping-To</code>
+ HTTP header with, as its value, the address of the target of the
+ hyperlink.</dd>
+
+ <dt>Otherwise, the origins are different and the document
+ containing the hyperlink being audited was retrieved over an
+ encrypted connection</dt>
+
+ <dd>The request must a <code title="">Ping-To</code> HTTP header
+ with, as its value, the address of the target of the hyperlink. The
+ request must neither include a <code title="">Referer</code> HTTP
+ header nor include a <code title="">Ping-From</code> HTTP
+ header.</dd>
+
+ </dl>
+
<p class="note">To save bandwidth, implementors might also wish to
consider omitting optional headers such as <code>Accept</code> from
these requests.</p>
More information about the Commit-Watchers
mailing list