[whatwg] Referer header sent with <a ping>?
Julian Reschke
julian.reschke at gmx.de
Fri Feb 1 14:45:37 PST 2008
Ian Hickson wrote:
>> This would make it easy to protect against unwanted ping-originated
>> requests (one could configure server or set up application firewall to
>> filter pings), and URL in <a ping> wouldn't have to contain copies of
>> page's URL and href.
>
> What do people think of this idea:
>
> We make "Referer" always have the value "PING".
Referer takes a relative reference, or a URI. Not a good idea.
> We add two headers, "X-Ping-From" which has the value of the page that had
> the link, and "X-Ping-To" which has the value of the page that is being
> opened.
You don't need any new headers.
Define a content type, and send the information you want to transmit in
the request body.
> We continue to send all cookie and authentication headers.
>
> What do people think? Would this address all the issues raised?
BR, Julian
More information about the whatwg
mailing list