[whatwg] Referer header sent with <a ping>?
darinf at gmail.com
Sat Feb 2 08:10:42 PST 2008
On Feb 1, 2008 2:45 PM, Julian Reschke <julian.reschke at gmx.de> wrote:
> Ian Hickson wrote:
> >> This would make it easy to protect against unwanted ping-originated
> >> requests (one could configure server or set up application firewall to
> >> filter pings), and URL in <a ping> wouldn't have to contain copies of
> >> page's URL and href.
> > What do people think of this idea:
> > We make "Referer" always have the value "PING".
> Referer takes a relative reference, or a URI. Not a good idea.
> > We add two headers, "X-Ping-From" which has the value of the page that
> > the link, and "X-Ping-To" which has the value of the page that is being
> > opened.
> You don't need any new headers.
> Define a content type, and send the information you want to transmit in
> the request body.
> > We continue to send all cookie and authentication headers.
> > What do people think? Would this address all the issues raised?
> BR, Julian
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the whatwg